Windows Analysis Report
Payload 94.75 (4).225.exe

Overview

General Information

Sample name:Payload 94.75 (4).225.exe
Analysis ID:1547868
MD5:987a79c800f109491dcbfbc589f940f2
SHA1:d0a7eedc6b908ffc728f287036696fd0688436f7
SHA256:07457423012b530efe135d313c7c3d509c0ec8f13dacd5751ddfce7c311182c7
Tags:94-75-225-81exeuser-JAMESWT_MHT

Detection

Kronos, Strela Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected Kronos e-Banking malware
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Kronos
Yara detected Strela Stealer
AI detected suspicious sample
Contains functionality to detect sleep reduction / modifications
Contains functionality to register a low level keyboard hook
Found API chain indicative of debugger detection
Found Tor onion address
Found evasive API chain (may execute only if attached device has certain properties)
Found evasive API chain (may stop execution after checking system information)
Installs a global keyboard hook
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries disk information (often used to detect virtual machines)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Payload 94.75 (4).225.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\Payload 94.75 (4).225.exe" MD5: 987A79C800F109491DCBFBC589F940F2)
    • GetX64BTIT.exe (PID: 7708 cmdline: "C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe" MD5: B4CD27F2B37665F51EB9FE685EC1D373)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Kronos | Kronos malware is a sophisticated banking Trojan that first emerged in 2014. It is designed to target financial institutions and steal sensitive banking information. The malware is primarily spread through phishing campaigns and exploit kits. Once installed on a victim's computer, Kronos can capture login credentials, credit card details, and other personal information by keylogging and form grabbing techniques. It can also bypass security measures such as two-factor authentication. Kronos employs advanced evasion techniques to avoid detection by antivirus software and actively updates itself to evade security patches. It has been known to target a wide range of banking systems and has affected numerous organizations worldwide. The malware continues to evolve, making it a significant threat to online banking security. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.kronos
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Kronos_cdd2e2c5 | Strings used by the Kronos banking trojan and variants. | unknown
  • 0x1ca8:$a1: data_inject
  • 0x422e8:$a1: data_inject
  • 0x1c78:$a2: set_filter
  • 0x42318:$a2: set_filter
  • 0x1c70:$a3: set_url
  • 0x42324:$a3: set_url
  • 0x1d0c:$a4: %ws\%ws.cfg
  • 0x29a0:$a5: D7T1H5F0F5A4C6S3
  • 0x1d50:$a6: [DELETE]
  • 0x3bc8:$a7: Kronos
00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Kronos_cdd2e2c5 | Strings used by the Kronos banking trojan and variants. | unknown
  • 0x47c38:$a1: data_inject
  • 0x88278:$a1: data_inject
  • 0x47c08:$a2: set_filter
  • 0x882a8:$a2: set_filter
  • 0x47c00:$a3: set_url
  • 0x882b4:$a3: set_url
  • 0x47c9c:$a4: %ws\%ws.cfg
  • 0x48930:$a5: D7T1H5F0F5A4C6S3
  • 0x47ce0:$a6: [DELETE]
  • 0x49b58:$a7: Kronos
00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x11f8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Process Memory Space: Payload 94.75 (4).225.exe PID: 7288 | JoeSecurity_StrelaStealer | Yara detected Strela Stealer | Joe Security
    Source | Rule | Description | Author | Strings
    0.2.Payload 94.75 (4).225.exe.5830000.3.unpack | Windows_Trojan_Kronos_cdd2e2c5 | Strings used by the Kronos banking trojan and variants. | unknown
    • 0x46a38:$a1: data_inject
    • 0x87078:$a1: data_inject
    • 0x46a08:$a2: set_filter
    • 0x870a8:$a2: set_filter
    • 0x46a00:$a3: set_url
    • 0x870b4:$a3: set_url
    • 0x46a9c:$a4: %ws\%ws.cfg
    • 0x47730:$a5: D7T1H5F0F5A4C6S3
    • 0x46ae0:$a6: [DELETE]
    • 0x48958:$a7: Kronos
    0.2.Payload 94.75 (4).225.exe.5830000.3.raw.unpack | Windows_Trojan_Kronos_cdd2e2c5 | Strings used by the Kronos banking trojan and variants. | unknown
    • 0x47c38:$a1: data_inject
    • 0x88278:$a1: data_inject
    • 0x47c08:$a2: set_filter
    • 0x882a8:$a2: set_filter
    • 0x47c00:$a3: set_url
    • 0x882b4:$a3: set_url
    • 0x47c9c:$a4: %ws\%ws.cfg
    • 0x48930:$a5: D7T1H5F0F5A4C6S3
    • 0x47ce0:$a6: [DELETE]
    • 0x49b58:$a7: Kronos

    System Summary

    Source: Process started, Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe", CommandLine: "C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe, ParentCommandLine: "C:\Users\user\Desktop\Payload 94.75 (4).225.exe", ParentImage: C:\Users\user\Desktop\Payload 94.75 (4).225.exe, ParentProcessId: 7288, ParentProcessName: Payload 94.75 (4).225.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe", ProcessId: 7708, ProcessName: GetX64BTIT.exe
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-11-03T09:36:21.698063+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.7 | 49758 | TCP
    2024-11-03T09:36:55.887071+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.7 | 61161 | TCP


    AV Detection

    Source: Payload 94.75 (4).225.exe, Avira: detected
    Source: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe, ReversingLabs: Detection: 57%
    Source: Payload 94.75 (4).225.exe, Virustotal: Detection: 76%
    Source: Payload 94.75 (4).225.exe, ReversingLabs: Detection: 89%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: Payload 94.75 (4).225.exe, Joe Sandbox ML: detected
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586FB3A CryptAcquireContextA,CryptAcquireContextA,0_2_0586FB3A
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058715A9 CryptSetKeyParam,0_2_058715A9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871554 CryptDecodeObject,0_2_05871554
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058714C9 CryptEncrypt,0_2_058714C9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058644D3 __fprintf_l,__fprintf_l,__fprintf_l,__fprintf_l,CryptUnprotectData,memcpy,LocalFree,0_2_058644D3
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058724F5 CryptDuplicateHash,0_2_058724F5
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05857418 lstrlenW,CryptUnprotectData,memcpy,memcpy,memcpy,memcpy,LocalFree,0_2_05857418
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586E7F4 CryptHashData,0_2_0586E7F4
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586D70C CryptDestroyKey,0_2_0586D70C
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058726D1 CryptExportKey,0_2_058726D1
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058726F9 CryptImportKey,0_2_058726F9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871004 CryptImportKey,0_2_05871004
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871032 CryptImportKey,0_2_05871032
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0587338C CryptGetHashParam,0_2_0587338C
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058733DA CryptImportKey,CryptCreateHash,CryptSetHashParam,0_2_058733DA
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871317 CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,0_2_05871317
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05857317 CryptAcquireContextW,CryptCreateHash,wcslen,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,lstrcmpW,0_2_05857317
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585631E CryptUnprotectData,LocalFree,memcpy,0_2_0585631E
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0587129C CryptEncrypt,0_2_0587129C
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058722AE CryptDestroyKey,CryptDestroyKey,0_2_058722AE
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05873249 CryptDestroyHash,0_2_05873249
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0587325E CryptDestroyKey,0_2_0587325E
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05872D0A CryptDestroyKey,0_2_05872D0A
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586DF9B CryptCreateHash,0_2_0586DF9B
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871EB3 CryptStringToBinaryA,0_2_05871EB3
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586BED3 CryptGenRandom,0_2_0586BED3
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871ED9 CryptBinaryToStringA,0_2_05871ED9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05864995 __fprintf_l,__fprintf_l,CryptUnprotectData,memcpy,LocalFree,__fprintf_l,__fprintf_l,strlen,strlen,strlen,strlen,strcpy,strcpy,strcpy,strcpy,0_2_05864995
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05872BE4 CryptDestroyKey,0_2_05872BE4
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586FB10 CryptReleaseContext,CryptReleaseContext,0_2_0586FB10
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586DABA CryptGetHashParam,0_2_0586DABA
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.2374784042.0000000008CC3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN RSA PUBLIC KEY-----memstr_356989e1-0
    Source: Payload 94.75 (4).225.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.7:49700 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 162.247.74.27:443 -> 192.168.2.7:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 23.129.64.145:443 -> 192.168.2.7:49798 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 94.143.137.213:443 -> 192.168.2.7:61094 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 51.15.96.2:443 -> 192.168.2.7:61162 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 129.150.56.220:443 -> 192.168.2.7:61223 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.225.226.182:443 -> 192.168.2.7:61249 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 45.94.31.29:443 -> 192.168.2.7:61254 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 158.69.205.247:443 -> 192.168.2.7:61264 version: TLS 1.2
    Source: Binary string: wininet.pdb source: Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: C:\Users\yvanhom\Desktop\Summary\mini-tor\mini-tor\bin\Release\x64\GetX64BTIT.pdb source: GetX64BTIT.exe, 00000007.00000002.1278249107.00007FF688412000.00000002.00000001.01000000.00000005.sdmp, GetX64BTIT.exe, 00000007.00000000.1276168039.00007FF688412000.00000002.00000001.01000000.00000005.sdmp, GetX64BTIT.exe.0.dr
    Source: Binary string: wntdll.pdbUGP source: Payload 94.75 (4).225.exe, 00000000.00000003.1262903572.0000000007480000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1262721780.00000000072D5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: Payload 94.75 (4).225.exe, 00000000.00000003.1262903572.0000000007480000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1262721780.00000000072D5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wininet.pdbUGP source: Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058625CF lstrcatA,memset,lstrcpyA,lstrcpyA,lstrcatA,lstrcatA,GetLastError,FindFirstFileA,memset,lstrcpyA,lstrcatA,lstrcatA,memset,lstrcpyA,lstrcatA,lstrcatA,lstrcmpA,lstrcmpA,GetLastError,CopyFileA,FindNextFileA,0_2_058625CF
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05858093 FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,DeleteFileW,GetLastError,memcpy,CreateThread,CloseHandle,FindNextFileW,FindClose,0_2_05858093
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058582BA memset,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,FindNextFileW,CloseHandle,0_2_058582BA
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05858225 memset,FindFirstFileW,FindNextFileW,CloseHandle,0_2_05858225
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05853C41 lstrcpyW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcatW,lstrcatW,FindNextFileW,DeleteFileW,FindClose,0_2_05853C41

    Networking

    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1323338580.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1323338580.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2509490680.00000000054A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php?a=29
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1301378539.0000000005999000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1301378539.0000000005999000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2510062995.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2510062995.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1274637887.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1274637887.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.2374639449.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.2374639449.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1297953284.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1297953284.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1774404586.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1774404586.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: BOThttp://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: global trafficTCP traffic: 192.168.2.7:49780 -> 129.6.15.28:13
    Source: global trafficTCP traffic: 192.168.2.7:49790 -> 132.163.96.1:13
    Source: global trafficTCP traffic: 192.168.2.7:61252 -> 132.163.97.2:13
    Source: global trafficHTTP traffic detected: GET / HTTP/1.0Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET /tor/status-vote/current/consensus HTTP/1.0Host: 131.188.40.189Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/4bfc9c631a93ff4ba3aa84bc6931b4310c38a263 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6c143720fff8469ef6a5c5b4066366340cf6c0d1 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/bc97dbf322e999ee1ff0fa1ff433dc1432757415 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/56344dee34d3343090d00ad88ce2d58b50712c81 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/56344dee34d3343090d00ad88ce2d58b50712c81 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/1934cd4c10d261285a7ec042468d521f82c282c3 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d902fc5803124514d6812910ca0ebc833c86c1b2 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e9ce2bf105b852f9cac70fa2793e7f3cb22aeffb HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e9ce2bf105b852f9cac70fa2793e7f3cb22aeffb HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/144449bb1eca24bea5d332ce8bf43ef4b642af55 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d6ebf64a4335f44f975eca23c6d89a795b78daff HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d6ebf64a4335f44f975eca23c6d89a795b78daff HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d7316bf7fd633dd7474b18c33e1d5fdeb04d26a7 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: Joe Sandbox ViewIP Address: 45.66.35.11 45.66.35.11
    Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
    Source: Joe Sandbox ViewJA3 fingerprint: c12f54a3f91dc7bafd92cb59fe009a35
    Source: unknownDNS query: name: api.ipify.org
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49701 -> 216.218.219.41:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61245 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61216 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61248 -> 216.218.219.41:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61260 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49792 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49729 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61246 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61262 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61148 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61253 -> 216.218.219.41:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61243 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49704 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61088 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61242 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61261 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61241 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49717 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 216.218.219.41:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61258 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61244 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49702 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49711 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49705 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61155 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61259 -> 45.66.35.11:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61247 -> 193.23.244.244:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49699 -> 131.188.40.189:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:61263 -> 216.218.219.41:80
    Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49700 -> 104.26.12.205:443
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.7:49758
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.7:61161
    Source: unknownTCP traffic detected without corresponding DNS query: 131.188.40.189
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871F46 memset,getaddrinfo,socket,connect,closesocket,freeaddrinfo,freeaddrinfo,recv,closesocket,_mkgmtime,0_2_05871F46
    Source: global trafficHTTP traffic detected: GET / HTTP/1.0Host: api.ipify.org
    Source: global trafficHTTP traffic detected: GET /tor/status-vote/current/consensus HTTP/1.0Host: 131.188.40.189Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/4bfc9c631a93ff4ba3aa84bc6931b4310c38a263 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6c143720fff8469ef6a5c5b4066366340cf6c0d1 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/bc97dbf322e999ee1ff0fa1ff433dc1432757415 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/56344dee34d3343090d00ad88ce2d58b50712c81 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/56344dee34d3343090d00ad88ce2d58b50712c81 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/1934cd4c10d261285a7ec042468d521f82c282c3 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d902fc5803124514d6812910ca0ebc833c86c1b2 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e9ce2bf105b852f9cac70fa2793e7f3cb22aeffb HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/e9ce2bf105b852f9cac70fa2793e7f3cb22aeffb HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/144449bb1eca24bea5d332ce8bf43ef4b642af55 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d6ebf64a4335f44f975eca23c6d89a795b78daff HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d6ebf64a4335f44f975eca23c6d89a795b78daff HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0Host: 45.66.35.11Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0Host: 193.23.244.244Data Raw: 00 Data Ascii:
    Source: global trafficHTTP traffic detected: GET /tor/server/fp/d7316bf7fd633dd7474b18c33e1d5fdeb04d26a7 HTTP/1.0Host: 216.218.219.41Data Raw: 00 Data Ascii:
    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
    Source: global trafficDNS traffic detected: DNS query: time-a.nist.gov
    Source: global trafficDNS traffic detected: DNS query: time-a-g.nist.gov
    Source: global trafficDNS traffic detected: DNS query: time.nist.gov
    Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
    Source: Payload 94.75 (4).225.exe, Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
    Source: Payload 94.75 (4).225.exe, Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2509755258.0000000005800000.00000004.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2512428734.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1274637887.0000000005945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://https://hostHTTP/1.1HTTP/1.0GET
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1774404586.00000000059AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2509490680.00000000054A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m3r7ifpzkdix4rf5.onion/kpanel/connect.php?a=29
    Source: Payload 94.75 (4).225.exe, Payload 94.75 (4).225.exe, 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/&z=%d?a=29/UNKNOWN/UNKNOWN
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2510062995.0000000005996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://digitalcourage.social/
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2510062995.0000000005996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://emeraldonion.org/donate/
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.2374744112.0000000008CCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rdp.sh
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1305847262.0000000008647000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1297403956.000000000835C000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1299057021.00000000086B7000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1297652565.00000000084B4000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1300083610.00000000081D9000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1294359575.00000000081D3000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1292883437.0000000007FD1000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1299328973.00000000081D8000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1295819990.0000000008271000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sabotage.net
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
    Source: unknownNetwork traffic detected: HTTP traffic on port 61223 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61094
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61162
    Source: unknownNetwork traffic detected: HTTP traffic on port 61264 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 61249 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61249
    Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 61094 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61264
    Source: unknownNetwork traffic detected: HTTP traffic on port 61254 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61254
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61223
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 61162 -> 443
    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.7:49700 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 162.247.74.27:443 -> 192.168.2.7:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 23.129.64.145:443 -> 192.168.2.7:49798 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 94.143.137.213:443 -> 192.168.2.7:61094 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 51.15.96.2:443 -> 192.168.2.7:61162 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 129.150.56.220:443 -> 192.168.2.7:61223 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.225.226.182:443 -> 192.168.2.7:61249 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 45.94.31.29:443 -> 192.168.2.7:61254 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 158.69.205.247:443 -> 192.168.2.7:61264 version: TLS 1.2

    Key, Mouse, Clipboard, Microphone and Screen Capturing

    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585C41D SetWindowsHookExA 0000000D,0585C27E,000000000_2_0585C41D
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\Payload 94.75 (4).225.exeJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585A6DA SetThreadDesktop,CreateThread,GetDesktopWindow,OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,lstrlenA,lstrcpyA,GlobalUnlock,CloseClipboard,GetDesktopWindow,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,CloseClipboard,WindowFromPoint,WindowFromPoint,SendMessageA,SendMessageA,PostMessageA,GetWindowPlacement,GetWindowLongA,SetWindowLongA,SendMessageA,FindWindowA,GetWindowRect,PtInRect,memset,RealGetWindowClassA,lstrcmpA,SendMessageA,MenuItemFromPoint,GetMenuItemID,PostMessageA,PostMessageA,PostMessageA,SendMessageA,GetWindowRect,MoveWindow,ScreenToClient,ScreenToClient,ChildWindowFromPoint,ScreenToClient,ChildWindowFromPoint,PostMessageA,closesocket,0_2_0585A6DA
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05867DD3 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,0_2_05867DD3
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05858FED GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,CreateCompatibleBitmap,SelectObject,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,SetStretchBltMode,StretchBlt,DeleteObject,DeleteDC,GetDIBits,DeleteObject,ReleaseDC,DeleteDC,memcpy,memcpy,0_2_05858FED

    E-Banking Fraud

    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865C550_2_05865C55
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058726F9 CryptImportKey,0_2_058726F9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871004 CryptImportKey,0_2_05871004
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05871032 CryptImportKey,0_2_05871032
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058733DA CryptImportKey,CryptCreateHash,CryptSetHashParam,0_2_058733DA
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585AD39 memset,strcpy,memset,OpenDesktopA,OpenDesktopA,OpenDesktopA,CreateDesktopA,SetThreadDesktop,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,0_2_0585AD39

    System Summary

    Source: 0.2.Payload 94.75 (4).225.exe.5830000.3.unpack, type: UNPACKEDPEMatched rule: Strings used by the Kronos banking trojan and variants. Author: unknown
    Source: 0.2.Payload 94.75 (4).225.exe.5830000.3.raw.unpack, type: UNPACKEDPEMatched rule: Strings used by the Kronos banking trojan and variants. Author: unknown
    Source: 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Strings used by the Kronos banking trojan and variants. Author: unknown
    Source: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
    Source: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Strings used by the Kronos banking trojan and variants. Author: unknown
    Source: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
    Source: Process Memory Space: Payload 94.75 (4).225.exe PID: 7288, type: MEMORYSTRMatched rule: Strings used by the Kronos banking trojan and variants. Author: unknown
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05855294 NtQuerySystemInformation,NtQuerySystemInformation,0_2_05855294
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865DD8 RtlInitUnicodeString,NtQueryValueKey,0_2_05865DD8
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865D58 NtClose,0_2_05865D58
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865D6A NtCreateKey,0_2_05865D6A
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05845950 QueryPerformanceCounter,CreateEventA,GetModuleHandleA,GetProcAddress,NtQuerySystemInformation,GetProcessHeap,CreateEventA,GetProcessHeap,RtlReAllocateHeap,Sleep,GetProcessHeap,HeapReAlloc,CreateEventA,GetProcessHeap,HeapAlloc,Sleep,CreateEventA,GetProcessHeap,HeapAlloc,CreateEventA,GetModuleHandleA,GetProcAddress,NtQuerySystemInformation,0_2_05845950
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0583EA50 GetModuleHandleA,GetProcAddress,OpenProcess,NtQueryInformationProcess,0_2_0583EA50
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585B47F memset,memset,CreateProcessW,NtResumeThread,CloseHandle,0_2_0585B47F
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586203A strcmp,strcmp,memset,memset,ExpandEnvironmentStringsW,DeleteFileW,CreateFileW,CloseHandle,CloseHandle,strcmp,strcmp,CreateProcessW,NtResumeThread,CreateProcessW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,CreateProcessW,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeleteFileW,0_2_0586203A
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586606C RtlInitUnicodeString,NtDeleteValueKey,0_2_0586606C
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05862CC6 NtQueryInformationProcess,NtQueryInformationProcess,0_2_05862CC6
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05864CE8 memset,memset,CreateProcessA,NtResumeThread,WaitForSingleObject,TerminateProcess,strlen,DeleteFileW,DeleteFileA,0_2_05864CE8
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05856F12 memset,memset,CreateProcessA,NtResumeThread,WaitForSingleObject,TerminateProcess,DeleteFileA,0_2_05856F12
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05866F6F GetCurrentDirectoryW,ExpandEnvironmentStringsW,memset,memset,DeleteFileW,CreateProcessW,NtResumeThread,memset,memset,DeleteFileW,CreateProcessW,NtResumeThread,Sleep,Sleep,SetCurrentDirectoryW,0_2_05866F6F
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865E87 NtEnumerateKey,lstrcpyW,0_2_05865E87
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865EE3 NtEnumerateValueKey,lstrcpyW,0_2_05865EE3
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05863E56 NtFreeVirtualMemory,0_2_05863E56
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05862B50 NtQueryInformationThread,0_2_05862B50
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05863AC2 ReadProcessMemory,ReadProcessMemory,ReadProcessMemory,NtCreateSection,NtCreateSection,GetCurrentProcess,GetCurrentProcess,NtMapViewOfSection,GetCurrentProcess,NtMapViewOfSection,NtMapViewOfSection,ReadProcessMemory,NtUnmapViewOfSection,NtMapViewOfSection,CloseHandle,GetCurrentProcess,NtUnmapViewOfSection,CloseHandle,GetCurrentProcess,NtUnmapViewOfSection,CloseHandle,0_2_05863AC2
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865765: CreateFileA,memset,memset,DeviceIoControl,DeviceIoControl,DeviceIoControl,strlen,strlen,CloseHandle,0_2_05865765
    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe 91F1023142B7BABF6FF75DAD984C2A35BDE61DC9E61F45483F4B65008576D581
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: String function: 05836650 appears 47 times
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: String function: 05868880 appears 70 times
    Source: Payload 94.75 (4).225.exeStatic PE information: Resource name: RT_STRING type: DOS executable (COM)
    Source: Payload 94.75 (4).225.exeStatic PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
    Source: Payload 94.75 (4).225.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs Payload 94.75 (4).225.exe
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1262903572.00000000075AD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payload 94.75 (4).225.exe
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007B4C000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs Payload 94.75 (4).225.exe
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1262721780.00000000073F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payload 94.75 (4).225.exe
    Source: Payload 94.75 (4).225.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 0.2.Payload 94.75 (4).225.exe.5830000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Kronos_cdd2e2c5 reference_sample = baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f, os = windows, severity = x86, description = Strings used by the Kronos banking trojan and variants., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Kronos, fingerprint = 0e124d42a6741a095b66928303731e7060788bc1035b98b729ca91e4f7b6bc44, id = cdd2e2c5-17fc-4cec-aece-0b19c54faccf, last_modified = 2021-08-23
    Source: 0.2.Payload 94.75 (4).225.exe.5830000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Kronos_cdd2e2c5 reference_sample = baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f, os = windows, severity = x86, description = Strings used by the Kronos banking trojan and variants., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Kronos, fingerprint = 0e124d42a6741a095b66928303731e7060788bc1035b98b729ca91e4f7b6bc44, id = cdd2e2c5-17fc-4cec-aece-0b19c54faccf, last_modified = 2021-08-23
    Source: 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Kronos_cdd2e2c5 reference_sample = baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f, os = windows, severity = x86, description = Strings used by the Kronos banking trojan and variants., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Kronos, fingerprint = 0e124d42a6741a095b66928303731e7060788bc1035b98b729ca91e4f7b6bc44, id = cdd2e2c5-17fc-4cec-aece-0b19c54faccf, last_modified = 2021-08-23
    Source: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
    Source: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Kronos_cdd2e2c5 reference_sample = baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f, os = windows, severity = x86, description = Strings used by the Kronos banking trojan and variants., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Kronos, fingerprint = 0e124d42a6741a095b66928303731e7060788bc1035b98b729ca91e4f7b6bc44, id = cdd2e2c5-17fc-4cec-aece-0b19c54faccf, last_modified = 2021-08-23
    Source: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
    Source: Process Memory Space: Payload 94.75 (4).225.exe PID: 7288, type: MEMORYSTRMatched rule: Windows_Trojan_Kronos_cdd2e2c5 reference_sample = baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f, os = windows, severity = x86, description = Strings used by the Kronos banking trojan and variants., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Kronos, fingerprint = 0e124d42a6741a095b66928303731e7060788bc1035b98b729ca91e4f7b6bc44, id = cdd2e2c5-17fc-4cec-aece-0b19c54faccf, last_modified = 2021-08-23
    Source: classification engineClassification label: mal100.bank.troj.spyw.evad.winEXE@3/2@7/16
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05863948 OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_05863948
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0583F7E0 CreateEventA,CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,GetCurrentProcessId,lstrcmpiW,GetCurrentProcessId,lstrcmpiW,Process32NextW,CloseHandle,OpenProcess,TerminateProcess,CloseHandle,0_2_0583F7E0
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05857866 CoInitialize,CoCreateInstance,wcschr,CoUninitialize,0_2_05857866
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00}
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeMutant created: \Sessions\1\BaseNamedObjects\Global\34fbdedca9ab6c8c1b63381b7ae2961b
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeFile created: C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exeJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: Payload 94.75 (4).225.exeVirustotal: Detection: 76%
    Source: Payload 94.75 (4).225.exeReversingLabs: Detection: 89%
    Source: Payload 94.75 (4).225.exeString found in binary or memory: t xml:space=.gif" border="0"</body> </html> overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script> /favicon.ico" />operating system" style="width:1target="_blank">State Universitytext-align:left; document.write(, including the around t
    Source: unknownProcess created: C:\Users\user\Desktop\Payload 94.75 (4).225.exe "C:\Users\user\Desktop\Payload 94.75 (4).225.exe"
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeProcess created: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe "C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe"
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeProcess created: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe "C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe"Jump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: msvcr100.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: dssenh.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
    Source: Binary string: wininet.pdb source: Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmp
    Source: Binary string: C:\Users\yvanhom\Desktop\Summary\mini-tor\mini-tor\bin\Release\x64\GetX64BTIT.pdb source: GetX64BTIT.exe, 00000007.00000002.1278249107.00007FF688412000.00000002.00000001.01000000.00000005.sdmp, GetX64BTIT.exe, 00000007.00000000.1276168039.00007FF688412000.00000002.00000001.01000000.00000005.sdmp, GetX64BTIT.exe.0.dr
    Source: Binary string: wntdll.pdbUGP source: Payload 94.75 (4).225.exe, 00000000.00000003.1262903572.0000000007480000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1262721780.00000000072D5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wntdll.pdb source: Payload 94.75 (4).225.exe, 00000000.00000003.1262903572.0000000007480000.00000040.00001000.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1262721780.00000000072D5000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wininet.pdbUGP source: Payload 94.75 (4).225.exe, 00000000.00000003.1270589700.00000000072D5000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000002.2510431983.0000000007731000.00000040.00001000.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05869864 LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_05869864
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05879538 push 00000000h; ret 0_2_058795C9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_053FB515 push esi; ret 0_2_053FB526
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_053EB246 push esp; retf 0_2_053EB262
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_053FB3EA pushfd ; iretd 0_2_053FB3FA
    Source: initial sampleStatic PE information: section name: UPX0
    Source: initial sampleStatic PE information: section name: UPX1
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeFile created: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exeJump to dropped file
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585547C0_2_0585547C
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058637DE0_2_058637DE
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058483F00_2_058483F0
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeEvasive API call chain: DeviceIoControl,DecisionNodes,Sleepgraph_0-30397
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeEvasive API call chain: NtQuerySystemInformation,DecisionNodes,Sleepgraph_0-30990
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0583F7E0 CreateEventA,CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,GetCurrentProcessId,lstrcmpiW,GetCurrentProcessId,lstrcmpiW,Process32NextW,CloseHandle,OpenProcess,TerminateProcess,CloseHandle,0_2_0583F7E0
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeThread delayed: delay time: 300000Jump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-30568
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058483F00_2_058483F0
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exe TID: 7292Thread sleep time: -300000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeFile opened: PhysicalDrive0Jump to behavior
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058625CF lstrcatA,memset,lstrcpyA,lstrcpyA,lstrcatA,lstrcatA,GetLastError,FindFirstFileA,memset,lstrcpyA,lstrcatA,lstrcatA,memset,lstrcpyA,lstrcatA,lstrcatA,lstrcmpA,lstrcmpA,GetLastError,CopyFileA,FindNextFileA,0_2_058625CF
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05858093 FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,DeleteFileW,GetLastError,memcpy,CreateThread,CloseHandle,FindNextFileW,FindClose,0_2_05858093
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058582BA memset,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,FindNextFileW,CloseHandle,0_2_058582BA
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05858225 memset,FindFirstFileW,FindNextFileW,CloseHandle,0_2_05858225
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05853C41 lstrcpyW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcatW,lstrcatW,FindNextFileW,DeleteFileW,FindClose,0_2_05853C41
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeThread delayed: delay time: 300000Jump to behavior
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2509490680.00000000054A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeAPI call chain: ExitProcess graph end nodegraph_0-30278
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeAPI call chain: ExitProcess graph end nodegraph_0-30017
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeDebugger detection routine: NtQueryInformationProcess or NtQuerySystemInformation, DecisionNodes, ExitProcess or Sleepgraph_0-30990
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058661E2 LdrInitializeThunk,0_2_058661E2
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0583F7E0 CreateEventA,CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,GetCurrentProcessId,lstrcmpiW,GetCurrentProcessId,lstrcmpiW,Process32NextW,CloseHandle,OpenProcess,TerminateProcess,CloseHandle,0_2_0583F7E0
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05869864 LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_05869864
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05855335 mov eax, dword ptr fs:[00000030h]0_2_05855335
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05863F96 mov ecx, dword ptr fs:[00000030h]0_2_05863F96
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0534092B mov eax, dword ptr fs:[00000030h]0_2_0534092B
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05340D90 mov eax, dword ptr fs:[00000030h]0_2_05340D90
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_053E9B03 push dword ptr fs:[00000030h]0_2_053E9B03
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_004010E9 GetProcessHeap,RtlFreeHeap,0_2_004010E9
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05866B83 CloseHandle,ExitProcess,GetSidLengthRequired,LocalAlloc,InitializeSid,GetSidSubAuthority,InitializeSecurityDescriptor,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,memset,CreateEventW,SetEvent,ResetEvent,LocalFree,0_2_05866B83
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05865B22 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_05865B22
    Source: Payload 94.75 (4).225.exe, 00000000.00000003.1323338580.00000000059AC000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1394777725.00000000080EC000.00000004.00000020.00020000.00000000.sdmp, Payload 94.75 (4).225.exe, 00000000.00000003.1774361818.00000000080EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
    Source: Payload 94.75 (4).225.exe, 00000000.00000002.2506705433.0000000000188000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Program Manager494126
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05831690 GetSystemTime,0_2_05831690
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05863202 GetComputerNameA,lstrcpyA,lstrcatA,lstrcatA,lstrcpyA,lstrlenA,lstrlenA,GetUserNameA,lstrcatA,lstrlenA,lstrcpyA,lstrlenA,0_2_05863202
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0583F650 memset,GetVersionExA,GetNativeSystemInfo,GetCurrentProcessId,0_2_0583F650
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    Source: Yara matchFile source: Process Memory Space: Payload 94.75 (4).225.exe PID: 7288, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: Payload 94.75 (4).225.exe PID: 7288, type: MEMORYSTR
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058485E0 Sleep,WSAStartup,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,Sleep,GetProcessHeap,HeapAlloc,socket,htons,bind,listen,CreateEventA,CreateThread,ResumeThread,GetProcessHeap,HeapFree,closesocket,0_2_058485E0
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_058514AE bind,0_2_058514AE
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0585142F bind,0_2_0585142F
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_0586871E WSAStartup,socket,htons,bind,listen,0_2_0586871E
    Source: C:\Users\user\Desktop\Payload 94.75 (4).225.exeCode function: 0_2_05851805 getaddrinfo,closesocket,socket,bind,closesocket,memcpy,freeaddrinfo,closesocket,listen,0_2_05851805
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts22
    Native API
    1
    DLL Side-Loading
    1
    DLL Side-Loading
    1
    Deobfuscate/Decode Files or Information
    21
    Input Capture
    1
    System Time Discovery
    Remote Services12
    Archive Collected Data
    2
    Ingress Tool Transfer
    Exfiltration Over Other Network Medium1
    Data Encrypted for Impact
    CredentialsDomainsDefault Accounts2
    Command and Scripting Interpreter
    1
    Create Account
    1
    Access Token Manipulation
    21
    Obfuscated Files or Information
    LSASS Memory1
    Account Discovery
    Remote Desktop Protocol1
    Screen Capture
    21
    Encrypted Channel
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)2
    Process Injection
    1
    Software Packing
    Security Account Manager1
    File and Directory Discovery
    SMB/Windows Admin Shares21
    Input Capture
    1
    Non-Standard Port
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    DLL Side-Loading
    NTDS114
    System Information Discovery
    Distributed Component Object Model3
    Clipboard Data
    2
    Non-Application Layer Protocol
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script131
    Virtualization/Sandbox Evasion
    LSA Secrets341
    Security Software Discovery
    SSHKeylogging3
    Application Layer Protocol
    Scheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    Access Token Manipulation
    Cached Domain Credentials131
    Virtualization/Sandbox Evasion
    VNCGUI Input Capture1
    Proxy
    Data Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
    Process Injection
    DCSync3
    Process Discovery
    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
    System Owner/User Discovery
    Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
    System Network Configuration Discovery
    Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    Source | Detection | Scanner | Label | Link
    Payload 94.75 (4).225.exe | 76% | Virustotal | | Browse
    Payload 94.75 (4).225.exe | 89% | ReversingLabs | Win32.Trojan.Glupteba |
    Payload 94.75 (4).225.exe | 100% | Avira | HEUR/AGEN.1315257 |
    Payload 94.75 (4).225.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe | 58% | ReversingLabs | Win64.Backdoor.Zapchast |

    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    ntp1.glb.nist.gov | 0% | Virustotal | | Browse
    api.ipify.org | 0% | Virustotal | | Browse

    Source | Detection | Scanner | Label | Link
    https://api.ipify.org/ | 0% | URL Reputation | safe |
    NameIPActiveMaliciousAntivirus DetectionReputation
    ntp1.glb.nist.gov
    132.163.96.1
    truefalseunknown
    api.ipify.org
    104.26.12.205
    truefalseunknown
    time-a-g.nist.gov
    129.6.15.28
    truefalse
      unknown
      time-a.nist.gov
      unknown
      unknowntrue
        unknown
        time.nist.gov
        unknown
        unknowntrue
          unknown
          171.39.242.20.in-addr.arpa
          unknown
          unknowntrue
            unknown
            NameMaliciousAntivirus DetectionReputation
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1547868
Start date and time: 2024-11-03 09:35:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payload 94.75 (4).225.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.evad.winEXE@3/2@7/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 97
• Number of non-executed functions: 238
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
03:36:13 | API Interceptor | 5x Sleep call for process: Payload 94.75 (4).225.exe modified
                                                                                          LpzvKHFnGD.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 87.106.236.48
                                                                                          Reservation Detail Booking.com ID4336.vbsGet hashmaliciousAsyncRAT, PureLog Stealer, zgRATBrowse
                                                                                          • 212.227.67.33
                                                                                          https://myabd.co.uk/main/arull.php?7080797967704b53693230746450544d6f737a6b6a4e533076544b7972566438774a38394d4841413d3d#EMAILBASE64#Get hashmaliciousHTMLPhisherBrowse
                                                                                          • 217.160.0.3
                                                                                          https://www.google.se/url?q=%25CHAR5fgdrehsuabfolb&rct=%25CHAR4ndgsTYhfgyrv452jbsda&sa=t&esrc=Rgxldhffsbxhds&source=&cd=ZyB0byB5b3Ugbm=BAowunbc&ved=NmsnjdowpteqndyCBtY=&url=amp/reformasvaesma.es/pujrtqdguyr?eyCBtYgRFnRgxLmVnPvGet hashmaliciousUnknownBrowse
                                                                                          • 82.223.67.146
                                                                                          xLgTQcFdIJ.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 87.106.236.48
                                                                                          VkTNb6p288.exeGet hashmaliciousFormBookBrowse
                                                                                          • 217.160.0.158
                                                                                          WGo3ga1AL9.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 87.106.236.48
                                                                                          https://hidrive.ionos.com/lnk/FamigcCEFGet hashmaliciousUnknownBrowse
                                                                                          • 213.165.66.58
                                                                                          CALYX-ASUSPayload 94.75.225.exeGet hashmaliciousUnknownBrowse
                                                                                          • 162.247.74.31
                                                                                          b2Oyebni2W.exeGet hashmaliciousUnknownBrowse
                                                                                          • 162.247.74.200
                                                                                          c8sDO7umrx.exeGet hashmaliciousCMSBruteBrowse
                                                                                          • 162.247.74.201
                                                                                          Mcb5K3TOWT.exeGet hashmaliciousUnknownBrowse
                                                                                          • 162.247.74.201
                                                                                          OShRqF6jNV.exeGet hashmaliciousGlupteba, LummaC Stealer, SmokeLoader, Stealc, SystemBC, XmrigBrowse
                                                                                          • 162.247.74.201
                                                                                          SLtb3T91Li.exeGet hashmaliciousUnknownBrowse
                                                                                          • 162.247.74.201
                                                                                          01b9T4tDdG.exeGet hashmaliciousGlupteba, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                          • 162.247.74.201
                                                                                          82YWwkVfIS.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoaderBrowse
                                                                                          • 185.220.103.111
                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                          • 162.247.74.201
                                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                                          • 162.247.74.201
Match: C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe
Associated samples (Detection: malicious, Threat Name: Kronos):
• 2X3f1ykTmM.exe
• kr.exe
• WjmYak325l.exe
• F75rJPKdGb.exe
• ozJy5Zf5cf.exe
• tgduMePOh0.exe
• 8AcNX5GzVY.exe
• QkAgFhbO4a.exe
• zfpLjnr5P9.exe
• 8TTLURnXhM.exe
                                                                                                              Process:C:\Users\user\Desktop\Payload 94.75 (4).225.exe
                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                              Category:modified
                                                                                                              Size (bytes):3584
                                                                                                              Entropy (8bit):3.6097432647869687
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:iflXaTvtsBzS/ulSInUIh6hhyZXoMB5vRuqS:kMTih53jpx
                                                                                                              MD5:B4CD27F2B37665F51EB9FE685EC1D373
                                                                                                              SHA1:7F08FEBF0FDB7FC9F8BF35A10FB11E7DE431ABE0
                                                                                                              SHA-256:91F1023142B7BABF6FF75DAD984C2A35BDE61DC9E61F45483F4B65008576D581
                                                                                                              SHA-512:E025F65224D78F5FD0ABEBE281AC0D44A385B2641E367CF39EED6AEFADA20A112AC47F94D7FEBC4424F1DB6A6947BAC16FF83EF93A8D745B3CDDFDBE64C49A1E
                                                                                                              Malicious:true
                                                                                                              Antivirus:
                                                                                                              • Antivirus: ReversingLabs, Detection: 58%
                                                                                                              Joe Sandbox View:
                                                                                                              • Filename: 2X3f1ykTmM.exe, Detection: malicious, Browse
                                                                                                              • Filename: kr.exe, Detection: malicious, Browse
                                                                                                              • Filename: WjmYak325l.exe, Detection: malicious, Browse
                                                                                                              • Filename: F75rJPKdGb.exe, Detection: malicious, Browse
                                                                                                              • Filename: ozJy5Zf5cf.exe, Detection: malicious, Browse
                                                                                                              • Filename: tgduMePOh0.exe, Detection: malicious, Browse
                                                                                                              • Filename: 8AcNX5GzVY.exe, Detection: malicious, Browse
                                                                                                              • Filename: QkAgFhbO4a.exe, Detection: malicious, Browse
                                                                                                              • Filename: zfpLjnr5P9.exe, Detection: malicious, Browse
                                                                                                              • Filename: 8TTLURnXhM.exe, Detection: malicious, Browse
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o..+..+..+..X..(..+..,..8...*..8...*..8..*..Rich+..........PE..d...n..[.........."............................@.............................P............`.................................................."..(....@.......0....................... ..p............................................ ..@............................text...w........................... ..`.rdata..n.... ......................@..@.pdata.......0......................@..@.rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                              Process:C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):28
                                                                                                              Entropy (8bit):4.423251796980336
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:MONtEfunMn:MgMn
                                                                                                              MD5:03065520ADE39E7DEDC2C428E9D10EB9
                                                                                                              SHA1:568E52DA058C666A368D4A1567AFC22E0CB10687
                                                                                                              SHA-256:296FFA24BE46495C87719BE4FE56119598600947DDE9F47B45F910F2960510AB
                                                                                                              SHA-512:EDEC6B037CC7F78E8CFEF36ECFE7C512711702E354D2C8443E25D027D12B8E90E17247A3D8688E3151E1EEE92A1A424781BE59CB79E0A4C5B781464ED2BB8E9D
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview: p1+....H..(..u.I..H........
                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                              Entropy (8bit):7.769597357351791
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.66%
                                                                                                              • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                              File name:Payload 94.75 (4).225.exe
                                                                                                              File size:624'143 bytes
                                                                                                              MD5:987a79c800f109491dcbfbc589f940f2
                                                                                                              SHA1:d0a7eedc6b908ffc728f287036696fd0688436f7
                                                                                                              SHA256:07457423012b530efe135d313c7c3d509c0ec8f13dacd5751ddfce7c311182c7
                                                                                                              SHA512:959c7e45f4ae3ab901f7aad2ed3d5d74861aa9d812df0bf1bd499afd759a2811b98dbba43e143c3a90f8fa7c4b7d8592e1aa60402de8cc62da409c30aad118ac
                                                                                                              SSDEEP:12288:KZ543M5v7Kc3ygT2lXVCllX8peI7cQitqUmyq+1pmhM:SUiL3yjXUlu0I7vitqUmyq+1paM
                                                                                                              TLSH:D0D4E026686C2F44D923B334720B2E3595B69B1F3F26556CEEFF8BB1E174A404A5304B
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1Zmsu;. u;. u;. ki. j;. ki. l;. ki. .;. R.x p;. u;. .;. ki. t;. ki. t;. ki. t;. Richu;. ........................PE..L...L.w^...
                                                                                                              Icon Hash:2927382d4e6c6424
                                                                                                              Entrypoint:0x51bd3b0
                                                                                                              Entrypoint Section:UPX1
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x5E778B4C [Sun Mar 22 15:59:08 2020 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:5
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:5
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:5
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:51f3f223eb524785c1900912591586f0
                                                                                                              Instruction
                                                                                                              pushad
                                                                                                              mov esi, 05128000h
                                                                                                              lea edi, dword ptr [esi-04D27000h]
                                                                                                              push edi
                                                                                                              jmp 00007FADA47FC98Dh
                                                                                                              nop
                                                                                                              mov al, byte ptr [esi]
                                                                                                              inc esi
                                                                                                              mov byte ptr [edi], al
                                                                                                              inc edi
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              jc 00007FADA47FC96Fh
                                                                                                              mov eax, 00000001h
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              adc eax, eax
                                                                                                              add ebx, ebx
                                                                                                              jnc 00007FADA47FC98Dh
                                                                                                              jne 00007FADA47FC9AAh
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              jc 00007FADA47FC9A1h
                                                                                                              dec eax
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              adc eax, eax
                                                                                                              jmp 00007FADA47FC956h
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              adc ecx, ecx
                                                                                                              jmp 00007FADA47FC9D4h
                                                                                                              xor ecx, ecx
                                                                                                              sub eax, 03h
                                                                                                              jc 00007FADA47FC993h
                                                                                                              shl eax, 08h
                                                                                                              mov al, byte ptr [esi]
                                                                                                              inc esi
                                                                                                              xor eax, FFFFFFFFh
                                                                                                              je 00007FADA47FC9F7h
                                                                                                              sar eax, 1
                                                                                                              mov ebp, eax
                                                                                                              jmp 00007FADA47FC98Dh
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              jc 00007FADA47FC94Eh
                                                                                                              inc ecx
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              jc 00007FADA47FC940h
                                                                                                              add ebx, ebx
                                                                                                              jne 00007FADA47FC989h
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              adc ecx, ecx
                                                                                                              add ebx, ebx
                                                                                                              jnc 00007FADA47FC971h
                                                                                                              jne 00007FADA47FC98Bh
                                                                                                              mov ebx, dword ptr [esi]
                                                                                                              sub esi, FFFFFFFCh
                                                                                                              adc ebx, ebx
                                                                                                              jnc 00007FADA47FC966h
                                                                                                              add ecx, 02h
                                                                                                              cmp ebp, FFFFFB00h
                                                                                                              adc ecx, 02h
                                                                                                              lea edx, dword ptr [edi+ebp]
                                                                                                              cmp ebp, FFFFFFFCh
                                                                                                              jbe 00007FADA47FC990h
                                                                                                              mov al, byte ptr [edx]
                                                                                                              Programming Language:
                                                                                                              • [C++] VS2008 build 21022
                                                                                                              • [ASM] VS2008 build 21022
                                                                                                              • [ C ] VS2008 build 21022
                                                                                                              • [IMP] VS2005 build 50727
                                                                                                              • [RES] VS2008 build 21022
                                                                                                              • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4dc0a44 | 0xc4 | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4dbe000 | 0x2a44 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x4d27000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1 | 0x4d28000 | 0x96000 | 0x95600 | 13726edc009367412d6beee0ba78577f | False | 0.9239082112970711 | MPEG ADTS, layer I, v2, 160 kbps, 24 kHz, Monaural | 7.779111693612384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4dbe000 | 0x3000 | 0x2c00 | 14e568ded1458a4885212ea55ed74756 | False | 0.6082208806818182 | data | 5.364583390499237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
GOPEREDEWEYOWALAGOBAW | 0x4db36d8 | 0xdbd | data | | | 0.9920386693204436
RT_BITMAP | 0x4ce4890 | 0xcee48 | empty | | | 0
RT_ICON | 0x4dbe2c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.6364107883817427
RT_STRING | 0x4db4680 | 0x24c | DOS executable (COM) | | | 1.0187074829931972
RT_STRING | 0x4db48d0 | 0xc4 | 0420 Alliant virtual executable not stripped | | | 1.0561224489795917
RT_GROUP_ICON | 0x4dc0874 | 0x14 | data | | | 1.15
RT_VERSION | 0x4dc088c | 0x1b8 | COM executable for DOS | | | 0.5954545454545455
None | 0x4db4498 | 0xa | data | | | 1.8
None | 0x4db44a8 | 0xa | data | | | 1.8
None | 0x4db44b8 | 0xa | Non-ISO extended-ASCII text, with no line terminators, with escape sequences | | | 1.8
DLL | Import
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
WINHTTP.dll | WinHttpCloseHandle
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49701 | 216.218.219.41 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61245 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61216 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61248 | 216.218.219.41 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61260 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49792 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49729 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61246 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61262 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61148 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61253 | 216.218.219.41 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61243 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49704 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61088 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61242 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61261 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61241 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49717 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49723 | 216.218.219.41 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61258 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61244 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49702 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49711 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49705 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61155 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61259 | 45.66.35.11 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61247 | 193.23.244.244 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49699 | 131.188.40.189 | 80 | TCP
2024-11-03T09:35:57.678292+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 61263 | 216.218.219.41 | 80 | TCP
2024-11-03T09:36:06.777667+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49700 | 104.26.12.205 | 443 | TCP
2024-11-03T09:36:21.698063+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.7 | 49758 | TCP
2024-11-03T09:36:55.887071+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.7 | 61161 | TCP
                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Nov 3, 2024 09:36:04.097290039 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.097316027 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.097348928 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.098108053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.098119020 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.098130941 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.098148108 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.098159075 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.098164082 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.098186970 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.099004030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099014997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099025965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099035978 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099049091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099050045 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.099167109 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.099834919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099847078 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.099883080 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.101908922 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.101928949 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.101970911 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.245523930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249653101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249705076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249706030 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249716043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249758959 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249810934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249821901 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249833107 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249842882 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249865055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249875069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249887943 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249896049 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249900103 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249914885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249926090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249936104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249938011 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249950886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.249959946 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249979973 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249995947 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.249996901 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250011921 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250024080 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250035048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250046015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250053883 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.250056982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250071049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250077963 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.250104904 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.250861883 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250906944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250909090 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.250920057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250966072 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.250974894 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.250992060 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251003981 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251013994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251024008 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251034021 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251055956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251411915 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251431942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251444101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251461029 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251485109 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251544952 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251563072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251574993 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251585960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251591921 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251602888 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251615047 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251616001 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251631021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251641035 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251646996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.251674891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.251698017 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.254770041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.254811049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.254821062 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.254827023 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.254859924 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.397819042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.397831917 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.397844076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.397880077 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.397969007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.397980928 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.398026943 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.402765989 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402807951 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402817011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402817965 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.402837992 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402849913 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402862072 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.402888060 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.402925968 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402936935 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402947903 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402964115 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.402978897 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403009892 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403047085 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403047085 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403110981 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403148890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403161049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403171062 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403182030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403255939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403255939 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403343916 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403356075 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403408051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403419971 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403450966 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403484106 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403491974 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403502941 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403532982 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403563023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403604031 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403619051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403640985 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403655052 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403666973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403678894 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403680086 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403706074 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403775930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403785944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403796911 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403809071 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403820038 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403820038 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403831959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403841019 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403848886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.403876066 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.403894901 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.404062986 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.404166937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.404176950 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.404189110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.404198885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.404211044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.404216051 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560430050 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560441017 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560477972 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560708046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560786963 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560801983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560817003 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560833931 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560847044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560863018 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560867071 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560888052 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560904980 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560909033 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560919046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560934067 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560949087 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560952902 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.560965061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560980082 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.560985088 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561021090 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561022043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561039925 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561074018 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561126947 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561144114 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561167955 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561183929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561187029 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561208963 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561214924 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561224937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561243057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561252117 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561256886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561284065 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561671972 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561697960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561713934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561727047 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561764956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.561779976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561794996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561810017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.561835051 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.562261105 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562288046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562302113 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562304020 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.562346935 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.562347889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562365055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562390089 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562405109 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562407017 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.562457085 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.562747002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562760115 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562808037 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562808990 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.562823057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.562865973 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.563081026 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563097000 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563111067 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563141108 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.563220978 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563270092 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.563287973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563302040 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563324928 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.563347101 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564018965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564035892 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564049959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564066887 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564074039 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564089060 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564091921 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564107895 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564124107 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564140081 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564142942 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564169884 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564237118 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564251900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564269066 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564275026 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564284086 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564292908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564306021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564311981 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564348936 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564349890 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564363003 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564394951 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564449072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564466000 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564496994 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564516068 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564532042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564548969 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564579964 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564596891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564599037 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564615965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564631939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564654112 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564656019 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.564666986 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.564693928 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.565202951 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565217018 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565232992 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565251112 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.565258026 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565274000 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565282106 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.565289974 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565313101 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.565860033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565885067 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565906048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565912962 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.565943003 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565947056 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.565958977 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.565973997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.566000938 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.566593885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.566606998 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.566621065 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.566637039 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.566653013 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.566684961 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.567147017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.567162991 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.567179918 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.567190886 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.567224979 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.567567110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.567615032 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.567630053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.567665100 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.568346977 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.568373919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.568388939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.568403006 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.568438053 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.568896055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.568912983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.568931103 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.568958044 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.569495916 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.569546938 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.569551945 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717552900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717570066 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717575073 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717586994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717602015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717602968 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717628002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717634916 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717644930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717660904 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717677116 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717685938 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717696905 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717701912 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717717886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717732906 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717746973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717747927 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717763901 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717791080 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717792988 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717811108 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717820883 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717834949 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717849016 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717850924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717865944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717880011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717892885 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717897892 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717915058 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717922926 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717930079 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717945099 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717956066 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.717958927 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717977047 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.717993021 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718000889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718019009 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718024015 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718034029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718050003 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718066931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718077898 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718082905 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718097925 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718110085 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718112946 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718130112 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718137980 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718144894 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718159914 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718167067 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718178034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718193054 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718197107 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718208075 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718223095 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718238115 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718239069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718256950 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718266010 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718275070 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718277931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718292952 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718308926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718318939 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718324900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718333006 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718347073 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718360901 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718377113 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718389988 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718394041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718401909 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718408108 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718435049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718441963 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718458891 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718473911 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718477964 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718489885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718506098 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718516111 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718521118 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718535900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718543053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718544006 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718554020 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718561888 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718569040 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718584061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718597889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718611002 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718612909 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718642950 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718642950 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718660116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718676090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718683004 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718692064 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718708038 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718718052 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718722105 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718739986 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718749046 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718756914 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718772888 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718781948 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718789101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718805075 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718815088 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718822002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718837976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718847990 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718852997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718869925 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718882084 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718885899 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718902111 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718914986 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718919992 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718938112 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718940020 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718955040 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718969107 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.718977928 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.718986034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719002008 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719010115 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719018936 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719034910 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719044924 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719050884 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719067097 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719074965 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719084024 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719100952 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719113111 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719116926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719136000 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719146967 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719152927 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719171047 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719178915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719187975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719202995 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719211102 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719222069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719237089 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719242096 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719253063 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719263077 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719269991 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.719276905 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.719285965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726762056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726778030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726788998 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.726794004 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726809025 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726816893 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726819038 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.726825953 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726834059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726843119 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726856947 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726872921 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726886034 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.726891041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.726922035 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.739967108 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.740072966 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.860605001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.860620975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.860665083 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.860682964 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.860687971 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.860706091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.860738993 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862163067 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862212896 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862253904 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862277985 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862293959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862308979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862319946 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862333059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862354994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862364054 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862373114 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862399101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862399101 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862418890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862443924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862451077 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862461090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862476110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862488985 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862497091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862520933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862521887 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862539053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862552881 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862567902 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862581968 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862586021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862601995 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862601995 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862618923 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862632036 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862658978 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862834930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862904072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862917900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862947941 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862957001 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.862963915 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862978935 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.862991095 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863004923 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863018990 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863029957 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863035917 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863051891 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863061905 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863070011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863095045 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863281965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863331079 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863368034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863382101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863396883 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863411903 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863423109 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863426924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863471985 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863497972 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863524914 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863539934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863544941 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863594055 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863625050 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863648891 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863665104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863679886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863692045 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863696098 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863712072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863727093 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863730907 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863749027 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863754034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863779068 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863791943 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863807917 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863814116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863830090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863837957 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863857985 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863873005 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863881111 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863895893 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863912106 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863925934 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863945007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863956928 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.863960981 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863977909 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.863990068 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.864001036 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.864003897 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.864021063 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.864033937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.864042997 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.864052057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.864061117 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.864065886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.864109993 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866555929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866573095 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866589069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866612911 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866628885 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866710901 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866727114 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866743088 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866756916 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866786003 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866806030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866822958 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866838932 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866843939 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866854906 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866866112 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866872072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866888046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866904020 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866904020 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866924047 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866940975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.866947889 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.866962910 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.867149115 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.867165089 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.867178917 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.867193937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.867194891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.867211103 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.867228031 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.867259026 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.867296934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.867321968 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.869930983 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.869930983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.869950056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.869961977 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.869967937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.869982958 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.869997025 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870004892 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870011091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870028019 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870034933 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870043993 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870054007 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870059967 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870074987 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870090008 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870090008 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870106936 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870116949 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870124102 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870136976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870147943 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870151997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870167971 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870174885 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.870184898 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.870203972 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871543884 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871596098 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871615887 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871630907 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871645927 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871660948 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871671915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871701956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871794939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871810913 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871825933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871840954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871855974 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871870995 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871885061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871898890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871905088 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871905088 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871916056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871932983 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871948957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871963978 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.871964931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871980906 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.871995926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872009039 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872014046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872029066 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872036934 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872045994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872061014 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872064114 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872076988 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872092009 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872092962 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872107983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872123003 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872137070 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872138023 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872153044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872159004 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872168064 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872184038 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872196913 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872199059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872215033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872224092 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872231960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:04.872235060 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.872289896 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.877624035 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:04.877733946 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.014692068 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.014723063 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.014770985 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.014938116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.014955044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.014970064 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.014983892 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.014990091 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015001059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015017033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015038967 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015049934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015058994 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015065908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015084028 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015099049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015115023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015120983 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015129089 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015144110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015146017 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015161037 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015166044 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015178919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015192986 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015198946 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015218019 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015233994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015238047 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015249968 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015265942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015271902 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015281916 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015297890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015305996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015310049 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015321970 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015337944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015353918 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015356064 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015377045 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015391111 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015394926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015400887 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015414953 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015431881 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015444040 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015445948 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015463114 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015475035 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015475988 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015490055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015513897 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.015522957 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.015543938 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.016784906 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016798019 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016813040 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016838074 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.016868114 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.016875982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016890049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016905069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016927958 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016940117 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.016952991 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016968012 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016977072 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.016983032 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.016999960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.017010927 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.017039061 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.017052889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.017069101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.017082930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.017106056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.017110109 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.017122984 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019534111 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019534111 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019552946 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019570112 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019579887 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019594908 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019594908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019612074 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019625902 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019639969 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019642115 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019655943 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019670963 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019675970 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019686937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019705057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019706011 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019721031 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019726038 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019751072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019766092 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019771099 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019781113 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019795895 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019809961 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019824028 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019829035 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019838095 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019839048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019855022 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019870996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019872904 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019886017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019901991 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019910097 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019917965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019928932 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019933939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019949913 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019964933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019979954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019979954 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.019995928 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.019996881 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020010948 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020024061 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020026922 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020045042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020059109 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020065069 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020075083 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020091057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020091057 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020107031 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020122051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020124912 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020137072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020150900 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020150900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020165920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020180941 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020195007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020200968 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020212889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020226955 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020230055 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020242929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020257950 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020272970 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020276070 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020288944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020301104 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020306110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020323038 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020329952 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020338058 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020353079 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020359039 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020369053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020394087 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020396948 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020409107 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020425081 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020441055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020442963 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020457029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020468950 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020473957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020489931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020495892 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020507097 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020522118 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020530939 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020538092 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020553112 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020565987 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020569086 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020586014 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020601034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020601034 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020617008 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020627022 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020632982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020648956 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020662069 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020664930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020682096 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020689011 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020697117 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020713091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020723104 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020726919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020745993 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020751953 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020762920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020788908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020796061 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020806074 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020821095 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020828009 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020837069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020852089 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020860910 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020872116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020890951 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020896912 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020914078 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020927906 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020936966 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020942926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020958900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020968914 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.020983934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.020998955 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021001101 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021014929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021030903 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021038055 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021047115 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021070957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021069050 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021096945 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021110058 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021112919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021128893 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021146059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021152973 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021171093 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021186113 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021193981 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021219015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021229982 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.021233082 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021250010 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021261930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021276951 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.021281958 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.024997950 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025006056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025021076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025027990 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025037050 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025058985 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025060892 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025078058 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025091887 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025105953 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025109053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025124073 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025130033 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025140047 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025155067 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025165081 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025170088 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025187016 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025194883 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025213957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025226116 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025229931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025255919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025275946 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025275946 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025291920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025305986 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025315046 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025321007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025336027 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025341988 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025351048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025363922 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025374889 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025378942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025396109 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025408983 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025410891 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025428057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025437117 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025444031 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025468111 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025804043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025842905 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025887966 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025903940 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025944948 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025945902 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.025962114 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.025979042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026004076 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026103973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026119947 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026135921 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026146889 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026150942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026168108 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026177883 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026182890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026199102 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026210070 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026215076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026231050 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026238918 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026257992 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026269913 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026273966 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026289940 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026304960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026314020 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026321888 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026336908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026348114 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026352882 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026370049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026371956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026386023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026412010 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026416063 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026438951 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026454926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026456118 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026470900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026485920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026494980 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026500940 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026515961 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026527882 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026530981 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026546955 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026552916 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026561975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026577950 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026590109 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026592970 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026608944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026617050 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026624918 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026643038 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026653051 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026657104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026673079 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026681900 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026689053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026705027 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026714087 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026725054 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026740074 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026740074 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026755095 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026771069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026777983 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026786089 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026801109 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026804924 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.026825905 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.026839972 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027107954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027129889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027147055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027163029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027167082 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027179956 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027193069 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027206898 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027223110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027226925 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027236938 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027251959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027266979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027281046 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027283907 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027291059 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027302027 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027326107 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027333021 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027368069 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027431965 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027529001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027544022 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027559042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027570963 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027575016 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027590990 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027600050 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027607918 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027632952 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027698994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027720928 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027735949 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027745962 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027750969 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027766943 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027776957 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.027785063 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027800083 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.027812958 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.030184031 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030188084 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.030200005 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030220032 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030225039 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.030236959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030252934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030261993 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.030268908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030284882 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030293941 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.030299902 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.030323982 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.037806034 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.037919044 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.042788029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042817116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042834044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042849064 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.042851925 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042869091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042876005 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.042887926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042908907 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.042913914 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.042949915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043119907 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043143034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043174982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043190956 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043191910 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043209076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043224096 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043237925 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043246031 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043256044 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043261051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043277025 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043277025 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043297052 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043320894 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043330908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043330908 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043349028 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043364048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043374062 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043380976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043399096 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043412924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043414116 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043430090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043440104 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043445110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043468952 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043473959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043499947 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043523073 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043524981 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043550968 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043565035 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043566942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043584108 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043598890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043608904 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043622971 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043637037 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043638945 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043654919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043668985 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043678999 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043684959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043700933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043715954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043715954 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043734074 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043744087 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043762922 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043766975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043782949 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043798923 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043812990 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043828011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043837070 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043843985 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043855906 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043860912 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043875933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043891907 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043895006 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043908119 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043924093 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043925047 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043941021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043956041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043965101 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.043971062 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043987036 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.043997049 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044002056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044013977 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044018030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044034958 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044044971 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044053078 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044069052 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044080019 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044084072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044099092 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044114113 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044116020 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044128895 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044142962 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044146061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044162035 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044171095 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044177055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044193029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044213057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044215918 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044228077 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044243097 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044244051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044260979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044265032 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044276953 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044292927 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044302940 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044306993 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044322968 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.044332027 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.044362068 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.163877010 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.163908958 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.163923979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.163938999 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.163954973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.163970947 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164007902 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164046049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164061069 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164071083 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164086103 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164100885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164118052 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164138079 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164148092 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164151907 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164169073 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164195061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164208889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164222956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164222956 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164241076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164256096 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.164257050 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164266109 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.164275885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.166955948 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.166966915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.166971922 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.166986942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.166996956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167016983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167026043 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167042017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167057037 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167073011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167083979 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167088032 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167104006 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167109966 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167119026 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167135000 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167144060 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167150021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167165041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167171955 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167193890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167207003 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167220116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167233944 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167248964 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167262077 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167267084 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167278051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167287111 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167294979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167309999 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167324066 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167335033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167352915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167361021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167387009 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167399883 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167401075 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167418003 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167433023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167440891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167449951 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167474031 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167478085 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167490005 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167505026 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167516947 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167526960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167543888 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167551041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167566061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167579889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167591095 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167603016 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167622089 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167629004 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167643070 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167658091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167670012 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167671919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167690992 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167701960 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167705059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167721033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167732954 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167737007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167752028 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167763948 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167769909 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167785883 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167792082 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167810917 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167824984 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167828083 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167844057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167859077 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167867899 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167872906 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167890072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167895079 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167915106 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167928934 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167932034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167948961 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167963982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167978048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.167979956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.167995930 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168008089 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168013096 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168029070 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168037891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168042898 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168066025 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168083906 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168091059 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168106079 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168109894 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168122053 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168135881 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168148041 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168148041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168168068 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168179035 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168198109 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168210030 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168220043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168236017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168250084 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168260098 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168265104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168278933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168289900 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168303967 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168317080 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168320894 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168337107 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168359995 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168360949 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168375969 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168384075 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168401957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168416023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168423891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168431997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168448925 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168463945 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168468952 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168488979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168493986 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168504953 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168520927 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168530941 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168534994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168560982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168562889 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168576956 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168591976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168601990 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168606997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168631077 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168633938 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168649912 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168664932 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168672085 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168677092 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168685913 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168703079 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168709993 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168730021 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168739080 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168754101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168766975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168775082 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168792963 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.168807030 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.168809891 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171237946 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171243906 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171263933 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171278954 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171278954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171295881 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171309948 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171334028 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171334028 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171350002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171359062 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171365976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171380997 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171394110 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171396971 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171420097 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171422005 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171438932 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171453953 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171463966 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171469927 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171485901 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171495914 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171502113 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171518087 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171531916 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171535015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171550035 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171551943 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171574116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171588898 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171597004 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171627045 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171636105 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171641111 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171657085 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171672106 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171683073 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171698093 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171713114 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171720982 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171730042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171745062 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171752930 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171761036 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171776056 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171782970 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171792030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171807051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171814919 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171823025 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171838045 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171844959 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171854973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171869040 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171878099 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171885014 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171901941 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171905994 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171927929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171946049 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171952009 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171967983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171983004 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.171994925 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.171998978 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172013998 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172023058 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172030926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172046900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172054052 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172061920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172076941 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172082901 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172100067 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172116995 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172123909 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172139883 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172154903 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172168970 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172169924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172185898 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172194958 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172203064 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172218084 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172228098 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172233105 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172255993 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172260046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172285080 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172300100 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172302961 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172314882 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172332048 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172338009 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172348022 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172363043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172373056 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172379017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172401905 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172403097 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172426939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172441959 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172442913 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172458887 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172472954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172482967 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172487974 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172504902 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172514915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172519922 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172535896 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172545910 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172553062 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172568083 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172574043 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172596931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172602892 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172614098 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172630072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172645092 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172658920 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172658920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172674894 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172688007 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172688961 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172705889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172714949 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172722101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172736883 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172744036 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172754049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172776937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172776937 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172794104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172808886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172816992 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172826052 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172841072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172846079 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172857046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172872066 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172880888 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172887087 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172913074 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172914028 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172930002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172945023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172954082 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172960043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172975063 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.172985077 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.172991991 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.173007011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.173017025 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.173022032 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.173038960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175411940 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175422907 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175426960 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175442934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175458908 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175463915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175474882 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175489902 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175499916 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175504923 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175520897 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175532103 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175535917 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175554037 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175559998 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175570011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175585032 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175594091 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175600052 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175615072 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175626040 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175631046 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175647020 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175656080 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175662041 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175678015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175690889 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175693035 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175709963 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175717115 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175725937 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175743103 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175751925 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175756931 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175774097 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175781965 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175789118 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175803900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175811052 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175821066 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175836086 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175847054 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175853014 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175869942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175874949 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175884962 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175901890 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175915003 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175916910 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175934076 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175942898 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175949097 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175965071 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175980091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.175981998 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.175996065 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176012039 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176013947 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176028013 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176038980 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176043987 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176060915 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176069975 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176076889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176093102 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176101923 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176110029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176126957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176137924 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176141024 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176156044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176166058 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176172972 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176188946 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176197052 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176203966 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176219940 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176229954 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176234961 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176251888 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176255941 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176265955 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176280975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176295996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176295996 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176312923 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176320076 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176330090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176345110 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176346064 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176346064 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176361084 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176376104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176388979 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176392078 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176409006 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176424980 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176424980 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176440001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176454067 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176464081 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176480055 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176486969 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176496983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176515102 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176518917 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176532030 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176547050 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176553011 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176572084 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176587105 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176588058 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176604986 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176620007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176625967 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176636934 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176651001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176659107 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176667929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176681042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176690102 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176697016 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176712990 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176719904 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176728964 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176745892 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176759005 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176764011 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176780939 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176794052 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176798105 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176815033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176819086 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176831007 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176846027 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176855087 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176862001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176877975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176882982 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176892996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176909924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176918983 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176925898 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176940918 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176949978 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.176954985 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176964045 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176976919 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176992893 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.176996946 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.177009106 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.177025080 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.177026987 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.177041054 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.177046061 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.177057028 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.177069902 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.179223061 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.179238081 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.179253101 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.179254055 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.179270983 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.179280996 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.179286957 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.179303885 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.179316044 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.179337978 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.179359913 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.179434061 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.184297085 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184365988 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184434891 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.184705019 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184892893 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184916973 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184937000 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.184940100 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184957027 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184973001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.184983015 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.184989929 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185005903 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185013056 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185023069 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185038090 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185048103 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185064077 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185077906 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185089111 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185105085 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185118914 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185128927 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185134888 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185151100 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185159922 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185168982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185184002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185190916 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185199976 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185220003 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185231924 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185255051 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185272932 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185285091 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185298920 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185307980 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185323000 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185334921 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185338020 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185353994 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185369015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185369015 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185385942 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185389042 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185403109 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185419083 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185431004 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185453892 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185456991 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185470104 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185486078 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185494900 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185503006 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185518980 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185524940 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185534954 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185549021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185558081 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185563087 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185580015 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185596943 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185605049 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185619116 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185628891 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185643911 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185658932 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185668945 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185673952 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185689926 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185702085 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185705900 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185720921 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185725927 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185765982 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185776949 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185791969 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185806990 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185822964 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185832977 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185837984 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185853958 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185858965 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185868979 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185883999 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185893059 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185899019 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185915947 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185921907 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185930014 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185945034 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185952902 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185961008 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185976982 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.185985088 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.185992002 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186007023 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186016083 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186022043 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186038017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186047077 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186052084 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186077118 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186081886 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186105967 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186120033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186121941 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186137915 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186153889 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186157942 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186175108 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186192036 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186197042 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186213017 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186237097 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186240911 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186254025 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186269045 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186275959 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186285019 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186300039 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186307907 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186314106 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186342001 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186347008 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186357021 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186378956 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186383009 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186398029 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186413050 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186422110 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186427116 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186444044 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186453104 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186459064 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186475992 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186486006 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186491013 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186506033 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186510086 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186528921 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186543941 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.186553955 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186568975 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.186583996 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.210222960 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.210856915 CET4969980192.168.2.7131.188.40.189
                                                                                                              Nov 3, 2024 09:36:05.215702057 CET8049699131.188.40.189192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.916471004 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:05.916522980 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:05.916826010 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:05.916826010 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:05.916862011 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:06.695528984 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:06.695614100 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:06.737364054 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:06.737380028 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:06.737685919 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:06.777524948 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:06.819344044 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:07.009052038 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:07.009110928 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:07.009202003 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:07.025398016 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:07.025410891 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:07.025468111 CET49700443192.168.2.7104.26.12.205
                                                                                                              Nov 3, 2024 09:36:07.025475025 CET44349700104.26.12.205192.168.2.7
                                                                                                              Nov 3, 2024 09:36:07.789546013 CET4970180192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:07.794410944 CET8049701216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:07.794488907 CET4970180192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:07.799499035 CET4970180192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:07.804526091 CET8049701216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:08.571547985 CET8049701216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:08.571626902 CET4970180192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:08.571667910 CET4970180192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:08.572160959 CET4970280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:08.576495886 CET8049701216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:08.577047110 CET804970245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:08.577117920 CET4970280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:08.577169895 CET4970280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:08.582039118 CET804970245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:09.639648914 CET804970245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:09.639728069 CET4970280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:09.639770985 CET4970280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:09.640317917 CET4970480192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:09.644678116 CET804970245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:09.645224094 CET8049704193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:09.645292044 CET4970480192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:09.645361900 CET4970480192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:09.650115967 CET8049704193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:10.694444895 CET8049704193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:10.694508076 CET4970480192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:10.694555998 CET4970480192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:10.695199013 CET4970580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:10.699493885 CET8049704193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:10.700045109 CET8049705193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:10.700109959 CET4970580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:10.700206041 CET4970580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:10.705100060 CET8049705193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:11.756724119 CET8049705193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:11.756791115 CET4970580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:11.756814003 CET4970580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:11.757266045 CET4971180192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:11.761735916 CET8049705193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:11.762065887 CET8049711193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:11.762145996 CET4971180192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:11.762242079 CET4971180192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:11.766992092 CET8049711193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:12.815628052 CET8049711193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:12.815782070 CET4971180192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:12.815818071 CET4971180192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:36:12.816513062 CET4971780192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:12.820614100 CET8049711193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:36:12.821290970 CET804971745.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:12.821367025 CET4971780192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:12.821417093 CET4971780192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:12.826376915 CET804971745.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:13.858233929 CET804971745.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:13.858405113 CET4971780192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:13.858458996 CET4971780192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:13.859368086 CET4972380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:13.864346981 CET804971745.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:13.864527941 CET8049723216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:13.864609957 CET4972380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:13.864706993 CET4972380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:13.869846106 CET8049723216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:14.643049002 CET8049723216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:14.643068075 CET8049723216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:14.643157005 CET8049723216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:14.643203020 CET4972380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:14.643255949 CET4972380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:14.643306017 CET4972380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:36:14.650350094 CET8049723216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:36:14.774976969 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:14.779989004 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:14.780088902 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:14.780163050 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:14.784897089 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.841190100 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.841212988 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.841228008 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.841239929 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.841252089 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.841294050 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:15.897124052 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:15.986730099 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.986862898 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:15.986993074 CET4972980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:15.988154888 CET49735443192.168.2.7162.247.74.27
                                                                                                              Nov 3, 2024 09:36:15.988198042 CET44349735162.247.74.27192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.988297939 CET49735443192.168.2.7162.247.74.27
                                                                                                              Nov 3, 2024 09:36:15.988503933 CET49735443192.168.2.7162.247.74.27
                                                                                                              Nov 3, 2024 09:36:15.988519907 CET44349735162.247.74.27192.168.2.7
                                                                                                              Nov 3, 2024 09:36:15.991805077 CET804972945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:17.113646984 CET44349735162.247.74.27192.168.2.7
                                                                                                              Nov 3, 2024 09:36:17.113847971 CET49735443192.168.2.7162.247.74.27
                                                                                                              Nov 3, 2024 09:36:17.116019964 CET49735443192.168.2.7162.247.74.27
                                                                                                              Nov 3, 2024 09:36:17.116028070 CET44349735162.247.74.27192.168.2.7
                                                                                                              Nov 3, 2024 09:36:17.116296053 CET44349735162.247.74.27192.168.2.7
                                                                                                              Nov 3, 2024 09:36:17.116646051 CET49735443192.168.2.7162.247.74.27
                                                                                                              Nov 3, 2024 09:36:17.163337946 CET44349735162.247.74.27192.168.2.7
                                                                                                              Nov 3, 2024 09:36:25.171371937 CET4978013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:25.176287889 CET1349780129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:36:25.176354885 CET4978013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:25.903768063 CET1349780129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:36:25.903851986 CET4978013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:25.903919935 CET4978013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:25.908844948 CET1349780129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:36:25.912527084 CET4978413192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:25.917409897 CET1349784129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:36:25.917481899 CET4978413192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:26.645284891 CET1349784129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:36:26.645339012 CET4978413192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:26.645375013 CET4978413192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:36:26.650374889 CET1349784129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:36:26.654089928 CET4979013192.168.2.7132.163.96.1
                                                                                                              Nov 3, 2024 09:36:26.659133911 CET1349790132.163.96.1192.168.2.7
                                                                                                              Nov 3, 2024 09:36:26.659198999 CET4979013192.168.2.7132.163.96.1
                                                                                                              Nov 3, 2024 09:36:27.331995964 CET1349790132.163.96.1192.168.2.7
                                                                                                              Nov 3, 2024 09:36:27.332072020 CET4979013192.168.2.7132.163.96.1
                                                                                                              Nov 3, 2024 09:36:27.332149029 CET4979013192.168.2.7132.163.96.1
                                                                                                              Nov 3, 2024 09:36:27.333724022 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:27.336889982 CET1349790132.163.96.1192.168.2.7
                                                                                                              Nov 3, 2024 09:36:27.338551998 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:27.338624001 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:27.339319944 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:27.344100952 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374439955 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374551058 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374561071 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374577999 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374588966 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374598026 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.374604940 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:28.374629974 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:28.374659061 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:28.519875050 CET804979245.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.519969940 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:28.526190996 CET4979280192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:36:28.527015924 CET49798443192.168.2.723.129.64.145
                                                                                                              Nov 3, 2024 09:36:28.527038097 CET4434979823.129.64.145192.168.2.7
                                                                                                              Nov 3, 2024 09:36:28.527106047 CET49798443192.168.2.723.129.64.145
                                                                                                              Nov 3, 2024 09:36:28.527287960 CET49798443192.168.2.723.129.64.145
                                                                                                              Nov 3, 2024 09:36:28.527299881 CET4434979823.129.64.145192.168.2.7
                                                                                                              Nov 3, 2024 09:37:22.888400078 CET6124480192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:22.893148899 CET806124445.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:23.969053030 CET806124445.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:23.969197035 CET6124480192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:23.969278097 CET6124480192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:23.969907045 CET6124580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:23.974211931 CET806124445.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:23.974730968 CET8061245193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:23.974800110 CET6124580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:23.974859953 CET6124580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:23.979650021 CET8061245193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:25.064137936 CET8061245193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:25.064280033 CET6124580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:25.064395905 CET6124580192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:25.065253019 CET6124680192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:25.069211006 CET8061245193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:25.070065022 CET806124645.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:25.070133924 CET6124680192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:25.070224047 CET6124680192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:25.075057030 CET806124645.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:26.111088991 CET806124645.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:26.111299992 CET6124680192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:26.111402988 CET6124680192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:26.112226009 CET6124780192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:26.116347075 CET806124645.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:26.117114067 CET8061247193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:26.117331982 CET6124780192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:26.117424011 CET6124780192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:26.122714043 CET8061247193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.182360888 CET8061247193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.182461977 CET6124780192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:27.182499886 CET6124780192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:27.183094978 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.187427998 CET8061247193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.187961102 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.188070059 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.188112020 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.192939043 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.946302891 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.946330070 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.946350098 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.946362972 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.946455002 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.946533918 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.954509020 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.954689980 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.954754114 CET6124880192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:27.956571102 CET61249443192.168.2.7185.225.226.182
                                                                                                              Nov 3, 2024 09:37:27.956604004 CET44361249185.225.226.182192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.956737041 CET61249443192.168.2.7185.225.226.182
                                                                                                              Nov 3, 2024 09:37:27.957261086 CET61249443192.168.2.7185.225.226.182
                                                                                                              Nov 3, 2024 09:37:27.957274914 CET44361249185.225.226.182192.168.2.7
                                                                                                              Nov 3, 2024 09:37:27.959618092 CET8061248216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:29.406296015 CET44361249185.225.226.182192.168.2.7
                                                                                                              Nov 3, 2024 09:37:29.406398058 CET61249443192.168.2.7185.225.226.182
                                                                                                              Nov 3, 2024 09:37:29.407937050 CET61249443192.168.2.7185.225.226.182
                                                                                                              Nov 3, 2024 09:37:29.407948971 CET44361249185.225.226.182192.168.2.7
                                                                                                              Nov 3, 2024 09:37:29.408179045 CET44361249185.225.226.182192.168.2.7
                                                                                                              Nov 3, 2024 09:37:29.408515930 CET61249443192.168.2.7185.225.226.182
                                                                                                              Nov 3, 2024 09:37:29.451338053 CET44361249185.225.226.182192.168.2.7
                                                                                                              Nov 3, 2024 09:37:37.416563034 CET6125013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:38.031059980 CET1361250129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:38.031147957 CET6125013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:38.755254984 CET1361250129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:38.755467892 CET6125013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:38.755467892 CET6125013192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:38.756146908 CET6125113192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:38.760615110 CET1361250129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:38.761188984 CET1361251129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:38.761264086 CET6125113192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:39.487031937 CET1361251129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:39.487252951 CET6125113192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:39.487253904 CET6125113192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:39.492199898 CET1361251129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:39.495385885 CET6125213192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:39.500274897 CET1361252132.163.97.2192.168.2.7
                                                                                                              Nov 3, 2024 09:37:39.500395060 CET6125213192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:40.175184011 CET1361252132.163.97.2192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.175280094 CET6125213192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:40.175328016 CET6125213192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:40.176949978 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.180167913 CET1361252132.163.97.2192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.181863070 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.181931973 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.181996107 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.188175917 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951200962 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951252937 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951263905 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951273918 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951284885 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951296091 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951308966 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.951363087 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.951531887 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.958197117 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.958280087 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.965504885 CET6125380192.168.2.7216.218.219.41
                                                                                                              Nov 3, 2024 09:37:40.970424891 CET8061253216.218.219.41192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.972029924 CET61254443192.168.2.745.94.31.29
                                                                                                              Nov 3, 2024 09:37:40.972075939 CET4436125445.94.31.29192.168.2.7
                                                                                                              Nov 3, 2024 09:37:40.972142935 CET61254443192.168.2.745.94.31.29
                                                                                                              Nov 3, 2024 09:37:40.972374916 CET61254443192.168.2.745.94.31.29
                                                                                                              Nov 3, 2024 09:37:40.972393036 CET4436125445.94.31.29192.168.2.7
                                                                                                              Nov 3, 2024 09:37:42.349704981 CET4436125445.94.31.29192.168.2.7
                                                                                                              Nov 3, 2024 09:37:42.349776983 CET61254443192.168.2.745.94.31.29
                                                                                                              Nov 3, 2024 09:37:42.352519035 CET61254443192.168.2.745.94.31.29
                                                                                                              Nov 3, 2024 09:37:42.352530003 CET4436125445.94.31.29192.168.2.7
                                                                                                              Nov 3, 2024 09:37:42.352807999 CET4436125445.94.31.29192.168.2.7
                                                                                                              Nov 3, 2024 09:37:42.353202105 CET61254443192.168.2.745.94.31.29
                                                                                                              Nov 3, 2024 09:37:42.395349026 CET4436125445.94.31.29192.168.2.7
                                                                                                              Nov 3, 2024 09:37:50.351943016 CET6125513192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:50.356905937 CET1361255129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:50.357095957 CET6125513192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.082986116 CET1361255129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:51.083111048 CET6125513192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.083168030 CET6125513192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.084039927 CET6125613192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.087986946 CET1361255129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:51.089015961 CET1361256129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:51.089112997 CET6125613192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.818480015 CET1361256129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:51.818886042 CET6125613192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.818913937 CET6125613192.168.2.7129.6.15.28
                                                                                                              Nov 3, 2024 09:37:51.820453882 CET6125713192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:51.823743105 CET1361256129.6.15.28192.168.2.7
                                                                                                              Nov 3, 2024 09:37:51.825301886 CET1361257132.163.97.2192.168.2.7
                                                                                                              Nov 3, 2024 09:37:51.825381041 CET6125713192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:52.522373915 CET1361257132.163.97.2192.168.2.7
                                                                                                              Nov 3, 2024 09:37:52.522491932 CET6125713192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:52.529222012 CET6125713192.168.2.7132.163.97.2
                                                                                                              Nov 3, 2024 09:37:52.534082890 CET1361257132.163.97.2192.168.2.7
                                                                                                              Nov 3, 2024 09:37:52.776676893 CET6125880192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:52.781619072 CET8061258193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:52.781708956 CET6125880192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:52.781804085 CET6125880192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:52.786659002 CET8061258193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:53.840296984 CET8061258193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:53.840579033 CET6125880192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:53.840579033 CET6125880192.168.2.7193.23.244.244
                                                                                                              Nov 3, 2024 09:37:53.841007948 CET6125980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:53.845432043 CET8061258193.23.244.244192.168.2.7
                                                                                                              Nov 3, 2024 09:37:53.845834970 CET806125945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:53.845900059 CET6125980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:53.846019030 CET6125980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:53.850825071 CET806125945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:54.897089958 CET806125945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:54.897109985 CET806125945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:54.897119045 CET806125945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:54.897216082 CET6125980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:54.897327900 CET6125980192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:54.898111105 CET6126080192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:54.902236938 CET806125945.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:54.902935982 CET806126045.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:54.903013945 CET6126080192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:54.903104067 CET6126080192.168.2.745.66.35.11
                                                                                                              Nov 3, 2024 09:37:54.907876968 CET806126045.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:55.974072933 CET806126045.66.35.11192.168.2.7
                                                                                                              Nov 3, 2024 09:37:55.974200964 CET6126080192.168.2.745.66.35.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 3, 2024 09:36:05.907767057 CET | 192.168.2.7 | 1.1.1.1 | 0x35b8 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:25.156213045 CET | 192.168.2.7 | 1.1.1.1 | 0x8d99 | Standard query (0) | time-a.nist.gov | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:25.904565096 CET | 192.168.2.7 | 1.1.1.1 | 0x400c | Standard query (0) | time-a-g.nist.gov | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:26.646142960 CET | 192.168.2.7 | 1.1.1.1 | 0xb576 | Standard query (0) | time.nist.gov | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:37.797038078 CET | 192.168.2.7 | 1.1.1.1 | 0xb098 | Standard query (0) | 171.39.242.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Nov 3, 2024 09:36:50.460282087 CET | 192.168.2.7 | 1.1.1.1 | 0x4a34 | Standard query (0) | time-a.nist.gov | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:37:39.487835884 CET | 192.168.2.7 | 1.1.1.1 | 0xab0d | Standard query (0) | time.nist.gov | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 3, 2024 09:36:05.914386034 CET | 1.1.1.1 | 192.168.2.7 | 0x35b8 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:05.914386034 CET | 1.1.1.1 | 192.168.2.7 | 0x35b8 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:05.914386034 CET | 1.1.1.1 | 192.168.2.7 | 0x35b8 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:25.163218975 CET | 1.1.1.1 | 192.168.2.7 | 0x8d99 | No error (0) | time-a.nist.gov | time-a-g.nist.gov | | CNAME (Canonical name) | IN (0x0001) | false
Nov 3, 2024 09:36:25.163218975 CET | 1.1.1.1 | 192.168.2.7 | 0x8d99 | No error (0) | time-a-g.nist.gov | | 129.6.15.28 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:25.911963940 CET | 1.1.1.1 | 192.168.2.7 | 0x400c | No error (0) | time-a-g.nist.gov | | 129.6.15.28 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:26.653394938 CET | 1.1.1.1 | 192.168.2.7 | 0xb576 | No error (0) | time.nist.gov | ntp1.glb.nist.gov | | CNAME (Canonical name) | IN (0x0001) | false
Nov 3, 2024 09:36:26.653394938 CET | 1.1.1.1 | 192.168.2.7 | 0xb576 | No error (0) | ntp1.glb.nist.gov | | 132.163.96.1 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:36:37.804018974 CET | 1.1.1.1 | 192.168.2.7 | 0xb098 | Name error (3) | 171.39.242.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 3, 2024 09:36:50.467551947 CET | 1.1.1.1 | 192.168.2.7 | 0x4a34 | No error (0) | time-a.nist.gov | time-a-g.nist.gov | | CNAME (Canonical name) | IN (0x0001) | false
Nov 3, 2024 09:36:50.467551947 CET | 1.1.1.1 | 192.168.2.7 | 0x4a34 | No error (0) | time-a-g.nist.gov | | 129.6.15.28 | A (IP address) | IN (0x0001) | false
Nov 3, 2024 09:37:39.494534016 CET | 1.1.1.1 | 192.168.2.7 | 0xab0d | No error (0) | time.nist.gov | ntp1.glb.nist.gov | | CNAME (Canonical name) | IN (0x0001) | false
Nov 3, 2024 09:37:39.494534016 CET | 1.1.1.1 | 192.168.2.7 | 0xab0d | No error (0) | ntp1.glb.nist.gov | | 132.163.97.2 | A (IP address) | IN (0x0001) | false
                                                                                                              • api.ipify.org
                                                                                                              • 131.188.40.189
                                                                                                              • 216.218.219.41
                                                                                                              • 45.66.35.11
                                                                                                              • 193.23.244.244
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 131.188.40.189 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:02.886225939 CET | 74 | OUT | GET /tor/status-vote/current/consensus HTTP/1.0
                                                                                                              Host: 131.188.40.189
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:
Nov 3, 2024 09:36:03.944403887 CET | 1236 | IN | HTTP/1.0 200 OK
                                                                                                              Date: Sun, 03 Nov 2024 08:36:03 GMT
                                                                                                              Content-Type: text/plain
                                                                                                              X-Your-Address-Is: 96.44.151.123
                                                                                                              Content-Encoding: identity
                                                                                                              Expires: Sun, 03 Nov 2024 09:00:00 GMT
                                                                                                              Vary: X-Or-Diff-From-Consensus


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49701 | 216.218.219.41 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:07.799499035 CET | 95 | OUT | GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0
                                                                                                              Host: 216.218.219.41
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49702 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:08.577169895 CET | 92 | OUT | GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0
                                                                                                              Host: 45.66.35.11
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49704 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:09.645361900 CET | 95 | OUT | GET /tor/server/fp/39c2201ae58f7ef3f6bf2c8a1bb5630abf06fbf9 HTTP/1.0
                                                                                                              Host: 193.23.244.244
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49705 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:10.700206041 CET | 95 | OUT | GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0
                                                                                                              Host: 193.23.244.244
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49711 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:11.762242079 CET | 95 | OUT | GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0
                                                                                                              Host: 193.23.244.244
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49717 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:12.821417093 CET | 92 | OUT | GET /tor/server/fp/e2f67eec1c8cd17d17d309b63986ea6cbd18ea20 HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49723 | 216.218.219.41 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:13.864706993 CET | 95 | OUT | GET /tor/server/fp/4bfc9c631a93ff4ba3aa84bc6931b4310c38a263 HTTP/1.0
Host: 216.218.219.41
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:36:14.643049002 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:36:14 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:36:14 GMT
                                                                                                              Data Ascii: router karotte 109.70.100.4 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1tVAV8AycJVrmWIga/VV7Ju4aaNVeB1OyHNmBwxT8WI90WEAQAgBADFsM5TZZuWxy4jG7npBQuJnfNdfIvW+p/+W+YcQK2CD24VyCm1SaGGxJq/a3oye2WyOlhExF6P5p3d979ZtVAh0l5uR28NW5P9Jnfgtg0NRVnn/xRJas9yYUVCs3RvBgk=-----END ED25519 CERT-----master-key-ed25519 xbDOU2WblscuIxu56QULiZ3zXXyL1vqf/lvmHECtgg8or-address [2a03:e600:100::4]:443platform Tor 0.4.8.12 on Linuxproto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-4published 2024-11-02 22:49:46fingerprint 4BFC 9C63 1A93 FF4B A3AA 84BC 6931 B431 0C38 A263uptime 2523670bandwidth 65536000 131072000 15005177extra-info-digest 983AA1A20B3B76490B27E5B402A58EC55331D9B4 ITi7W2wPSda+q4IZUAefMM0lJWKWMqBKnE4UTReSKdgonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBALOJCjdLDKUTnKzVoDqajO9ehveRxusT4JBav7iXKvTnVII9JLN6zd65+TlydS8H+rPO9XgTLJtiQ2XZiJDdgNY9TyOfqV6nFL9uEeBYjgeNymHu/Cas8wlw8n4HbRMGkLQRUPLYEMPy [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49729 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:14.780163050 CET | 92 | OUT | GET /tor/server/fp/6c143720fff8469ef6a5c5b4066366340cf6c0d1 HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:36:15.841190100 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:36:15 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:36:15 GMT
                                                                                                              Data Ascii: router CalyxInstitute11 162.247.74.27 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1bcAUWkLRwIl6JtD3Fb84fytEFRsl/ZLw5g9N7FophemQvjAQAgBAAV1NQP+12W0J6U0jMui+yM1coA9yr2ZEB7qDUu+YNrRflSQC0NTxB2zSHAk44pFyXHNgOt7Vx+j4SS3cJQrIMyrUNzpmtGmiAswpcqeQ2cWmiZ6vu4D9yM0pJoCWpCfAg=-----END ED25519 CERT-----master-key-ed25519 FdTUD/tdltCelNIzLovsjNXKAPcq9mRAe6g1LvmDa0Uplatform Tor 0.4.8.11 on Linuxproto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-4published 2024-11-03 07:25:34fingerprint 6C14 3720 FFF8 469E F6A5 C5B4 0663 6634 0CF6 C0D1uptime 14436352bandwidth 1073741824 1073741824 14296236extra-info-digest F9ABE3272F292433C00F9F448E3872742AE166E6 bsMNyFMIgkII+6oKqrt8NpvRil8BDV70u11Z8VRwoJgonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAMcNs/Xgq+J4q+hhh9W1IU6o1LXDdahwVYRxfKxBFkeioWwEzkPeeGcXR2HU4Yqzh9zflAmoyIkNEwT8lBT1pIhPwWGq60WAchmX6UyouyNvuBzT/wsUBPa+solXMAqJR+B2GU4+wupsNJcN7OXw4WkCCZoFOgtO [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49792 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:27.339319944 CET | 92 | OUT | GET /tor/server/fp/bc97dbf322e999ee1ff0fa1ff433dc1432757415 HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:36:28.374439955 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:36:28 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:36:28 GMT
                                                                                                              Data Ascii: router Emerald145 23.129.64.145 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1b9AZfeZIbVB7+HzuRoOfJR8ISM+/GgYmn/DCBZ0taNFyr+AQAgBAD+S5zLkCDNn4InQXbag+r90co7GsVKH+wbVUnZJ9RDWwM1htacnPvT9V/WYinw5IH3E8yhedHCKupkSqxhYPtUB3fy1aHHm+FX9h7K0eS8YBdDpNcGjSSqS0G98Nv+ugY=-----END ED25519 CERT-----master-key-ed25519 /kucy5AgzZ+CJ0F22oPq/dHKOxrFSh/sG1VJ2SfUQ1sor-address [2620:18c:0:192::145]:443platform Tor 0.4.8.13 on Linuxproto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-4published 2024-11-02 19:21:30fingerprint BC97 DBF3 22E9 99EE 1FF0 FA1F F433 DC14 3275 7415uptime 326526bandwidth 1073741824 1073741824 8129083extra-info-digest D36B0E7E3FC076A5B0915C949CB517037C800188 mDaOMJ5PB+qAnVw1ikP5dh4wHC/Z/Jk7OECTEATtmnsonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBANBuwmgAxYPtneTOx2Q9prNTyV6rISVEAMV83klMT4YHu9DfjanQXyBQFGpn3XLtl78KUXXE/foofO+u1UtsO3jDvPXg36NLWjYRpD1fuzb7xAElpVJEFOME/PdUMXF8yeMc [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 61088 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:39.893393040 CET | 92 | OUT | GET /tor/server/fp/ce4c88b2ca700655ac0cc98f093973ea86caee4d HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:36:40.930845976 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:36:40 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:36:40 GMT
                                                                                                              Data Ascii: router versed03 94.143.137.213 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1dlARCeeZUgF/hEjFleWDo5bFTtR50SQEn8vLUEdKaK4NB4AQAgBAB7YW8ItaUH/oYgQ8e+2ul8tHTUayiTET0mpWQBJOhHIBsS3i/QtbuY4oZvj5FpQ1hOh0jtLhli7rXk/SdKRyf/NeuriqlTlDD4w9Xbxxo9Q/KdW7r05zsiu0tM7mUR8g0=-----END ED25519 CERT-----master-key-ed25519 e2FvCLWlB/6GIEPHvtrpfLR01GsokxE9JqVkASToRyAplatform Tor 0.4.8.12 on Linuxproto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-4published 2024-11-02 18:54:46fingerprint CE4C 88B2 CA70 0655 AC0C C98F 0939 73EA 86CA EE4Duptime 1426228bandwidth 419430400 524288000 20504045extra-info-digest 40853348A2421CFA76D843089C75C380C996EF22 y8RUh4eDrCaCJ9KBwEMedgu0cubDd16coKeSdNtztvwonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAOmsEi6fQGXTOVyy97L+BB/mp1DHFBueAKcqPpNVmisgHxaQ6lpgF64LVR4HHX2DsQVVaqkx+W/3ThKV31XRmOiNOhhxpX3bMF2/FfxvPdFFw4jFt/34wCTElwRkE3Pfdr2oE/uL8lRL1u779VurPvnlsDtx4duv52Dtac3U47 [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 61148 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:52.743741035 CET | 95 | OUT | GET /tor/server/fp/56344dee34d3343090d00ad88ce2d58b50712c81 HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 61155 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:36:53.789678097 CET | 92 | OUT | GET /tor/server/fp/56344dee34d3343090d00ad88ce2d58b50712c81 HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:36:54.834112883 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:36:54 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:36:54 GMT
                                                                                                              Data Ascii: router gh5d4h56s468r784s32 51.15.96.2 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1Z2AZXeBjMBo31DKOGcpNivIqS8k8bc6LHwwkAxqoHOa2nYAQAgBAAh48fgqYgNl4qVpvL89g/in2LZrdqlsW1a7qa6vql8vgsvIE1qJtn2YHcOrYqcUJxb5ssEMCAx46oo7Rgcudc+UHCITJN6tYUxRp7F6QwxfwZgRvhytdjmzYJSneGSpgw=-----END ED25519 CERT-----master-key-ed25519 IePH4KmIDZeKlaby/PYP4p9i2a3apbFtWu6mur6pfL4or-address [2001:bc8:1640:777:dc00:ff:fe12:d075]:443platform Tor 0.4.9.0-alpha-dev on Linuxproto Conflux=1 Cons=1-2 Desc=1-3 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-3 Padding=2 Relay=2-4published 2024-11-02 17:14:01fingerprint 5634 4DEE 34D3 3430 90D0 0AD8 8CE2 D58B 5071 2C81uptime 316831bandwidth 8388608 10485760 7951663extra-info-digest 65B4C6DFCDCD73F19FA6E002A91416AAEF4F32B2 kQ5/eRuXw7ams1Q5S/NwMVcL1AlAYG34MXEamcoIDVUonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAKvwxsxno5p+pU+fOZXUoYkE9PyINuk3R6h2JHnUjPSl/5ZDTSK8dpvKMowvlVpjUmELQDcaHsmO47SwULWGtwvreZS4A/xXNTpZ4NAA8us [TRUNCATED]
                                                                                                              Nov 3, 2024 09:36:54.834167004 CET212INData Raw: 34 65 2f 38 66 45 72 45 31 33 49 74 54 67 6e 37 46 41 46 31 6a 65 48 58 49 70 41 67 4d 42 41 41 45 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 52 53 41 20 50 55 42 4c 49 43 20 4b 45 59 2d 2d 2d 2d 2d 0a 73 69 67 6e 69 6e 67 2d 6b 65 79 0a 2d 2d 2d 2d 2d 42
                                                                                                              Data Ascii: 4e/8fErE13ItTgn7FAF1jeHXIpAgMBAAE=-----END RSA PUBLIC KEY-----signing-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBALH4qfKQTiH0T/ORmZJQa5RR6BATGoKnqSEgVu/GIY17OTmMt3KCWCmX49yKo4ATyLeMIMZsoANwqmNygPhMHB5LKKwesnSz
                                                                                                              Nov 3, 2024 09:36:54.834630966 CET1070INData Raw: 4c 7a 65 41 31 6b 6f 46 63 2b 2f 38 56 6c 4e 70 4e 43 52 42 76 51 42 43 0a 52 46 71 44 53 56 5a 4c 45 56 35 64 37 51 36 37 78 31 36 57 6c 6e 38 35 55 34 6f 42 43 68 7a 51 36 4a 62 76 6d 59 51 65 42 55 77 74 68 4c 59 59 62 63 4e 37 41 67 4d 42 41
                                                                                                              Data Ascii: LzeA1koFc+/8VlNpNCRBvQBCRFqDSVZLEV5d7Q67x16Wln85U4oBChzQ6JbvmYQeBUwthLYYbcN7AgMBAAE=-----END RSA PUBLIC KEY-----onion-key-crosscert-----BEGIN CROSSCERT-----UElxTkmnR/f7Xsd/2Wz3+oyX6Ugs7W3/mwLXm4z4MIg2d+OGti/LeJccMvh0e9ADKQMQD8DRR0hCYCFRy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 61216 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:06.635143995 CET | 92 | OUT | GET /tor/server/fp/1934cd4c10d261285a7ec042468d521f82c282c3 HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:37:07.688112974 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:37:07 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:37:07 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 61241 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:19.464097023 CET | 95 | OUT | GET /tor/server/fp/d902fc5803124514d6812910ca0ebc833c86c1b2 HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 61242 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:20.532143116 CET | 95 | OUT | GET /tor/server/fp/d902fc5803124514d6812910ca0ebc833c86c1b2 HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 61243 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:21.605853081 CET | 95 | OUT | GET /tor/server/fp/d902fc5803124514d6812910ca0ebc833c86c1b2 HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 61244 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:22.888400078 CET | 92 | OUT | GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 61245 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:23.974859953 CET | 95 | OUT | GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 61246 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:25.070224047 CET | 92 | OUT | GET /tor/server/fp/6b0be2e6cddaf3521c2c02c42bac1d2397271d4b HTTP/1.0
Host: 45.66.35.11
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 61247 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:26.117424011 CET | 95 | OUT | GET /tor/server/fp/e9ce2bf105b852f9cac70fa2793e7f3cb22aeffb HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 61248 | 216.218.219.41 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:27.188112020 CET | 95 | OUT | GET /tor/server/fp/e9ce2bf105b852f9cac70fa2793e7f3cb22aeffb HTTP/1.0
Host: 216.218.219.41
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:37:27.946302891 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:37:27 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:37:27 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 61253 | 216.218.219.41 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:40.181996107 CET | 95 | OUT | GET /tor/server/fp/144449bb1eca24bea5d332ce8bf43ef4b642af55 HTTP/1.0
Host: 216.218.219.41
Data Raw: 00
Data Ascii:
Nov 3, 2024 09:37:40.951200962 CET | 1236 | IN | HTTP/1.0 200 OK
Date: Sun, 03 Nov 2024 08:37:40 GMT
Content-Type: text/plain
X-Your-Address-Is: 96.44.151.123
Content-Encoding: identity
Expires: Tue, 05 Nov 2024 08:37:40 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 61258 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:52.781804085 CET | 95 | OUT | GET /tor/server/fp/d6ebf64a4335f44f975eca23c6d89a795b78daff HTTP/1.0
Host: 193.23.244.244
Data Raw: 00
Data Ascii:


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              24192.168.2.76125945.66.35.11807288C:\Users\user\Desktop\Payload 94.75 (4).225.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Nov 3, 2024 09:37:53.846019030 CET92OUTGET /tor/server/fp/d6ebf64a4335f44f975eca23c6d89a795b78daff HTTP/1.0
                                                                                                              Host: 45.66.35.11
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:
Nov 3, 2024 09:37:54.897089958 CET | 1236 | IN | HTTP/1.0 200 OK
                                                                                                              Date: Sun, 03 Nov 2024 08:37:54 GMT
                                                                                                              Content-Type: text/plain
                                                                                                              X-Your-Address-Is: 96.44.151.123
                                                                                                              Content-Encoding: identity
                                                                                                              Expires: Tue, 05 Nov 2024 08:37:54 GMT
                                                                                                              Data Ascii: router harold 134.195.198.65 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1cZAVRd+DsXq1CKTqxkTFqG2DDZnm24jRGr2dluftHM8MnBAQAgBAByBylh315LW9j7ryvMmbUyf3Oed1QM908Gf1+QdHEL3Rb+iYW/iC/dKFNMKgvTRAu6LCdL4rreZzjeHejiG+w96swEitlKfqkFaSxLoXa8el9/hy/pd7rTW0D+vpq1qg0=-----END ED25519 CERT-----master-key-ed25519 cgcpYd9eS1vY+68rzJm1Mn9znndUDPdPBn9fkHRxC90platform Tor 0.4.8.9 on Linuxproto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-4published 2024-11-03 01:49:02fingerprint D6EB F64A 4335 F44F 975E CA23 C6D8 9A79 5B78 DAFFuptime 8942637bandwidth 1073741824 1073741824 7008277extra-info-digest B7F3F57F5F70125E701AD2A54CF52885C91009FD VoY9+ANmgYxSzIWCnPey4Ke8Pie7SZTkFa8BQPoL/3Qonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAMaqNCmJ6pWjzHiHPpQ4y01msb/M12CMScpsDin2ntfCUFWOzXxTVhiOQHHTPQvlY3IXsgwI9f8YdwlRfDpNHE8d965klu0ibBXaUuHkT+o5Rj/6UbozbXLoXz9XBjuRxAgEx6ldGK3P2ZWLr42UXRaMavZ62At6kVxWVkxapJy7 [TRUNCATED]
Nov 3, 2024 09:37:54.897109985 CET | 764 | IN |
                                                                                                              Data Ascii: gning-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBALJfLDKgPSJ7bNYUSyEsxf5LOxIdraN/PD5zlOZGNLc7UkIDoCAAl9yH4lnA59JxSn+A//eTGT5cHJuAmle/uk8iPB49VySoFuDdZDcTV9cLRq2qyq3tYgMpJVYMsVeAQ2+YyZ+wX8ZPDvpUUoBlFGbZJk0cM0TtcW+ygHHPgkYjAgMBAAE=-----END RS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 61260 | 45.66.35.11 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:54.903104067 CET | 92 | OUT | GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0
                                                                                                              Host: 45.66.35.11
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 61261 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:55.984292030 CET | 95 | OUT | GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0
                                                                                                              Host: 193.23.244.244
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 61262 | 193.23.244.244 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:57.049597025 CET | 95 | OUT | GET /tor/server/fp/7502c6382100a6ff1d40dc3546733116ffd66576 HTTP/1.0
                                                                                                              Host: 193.23.244.244
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 61263 | 216.218.219.41 | 80 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
Nov 3, 2024 09:37:58.135570049 CET | 95 | OUT | GET /tor/server/fp/d7316bf7fd633dd7474b18c33e1d5fdeb04d26a7 HTTP/1.0
                                                                                                              Host: 216.218.219.41
                                                                                                              Data Raw: 00
                                                                                                              Data Ascii:
Nov 3, 2024 09:37:58.896753073 CET | 1236 | IN | HTTP/1.0 200 OK
                                                                                                              Date: Sun, 03 Nov 2024 08:37:58 GMT
                                                                                                              Content-Type: text/plain
                                                                                                              X-Your-Address-Is: 96.44.151.123
                                                                                                              Content-Encoding: identity
                                                                                                              Expires: Tue, 05 Nov 2024 08:37:58 GMT
                                                                                                              Data Ascii: router NuclearShack 158.69.205.247 443 0 0identity-ed25519-----BEGIN ED25519 CERT-----AQQAB1YUASYpPEaqvAkR24pu4KqpWJHgjwmpeSmwzaJLdaQH3EEFAQAgBABJIpoczkSdlqtoSHe/lZMU+5GCg69L/SX23ukP9A5c1lPwtZQhflfxcleIxEriNMiUL3aujHSB7g9+QpXYDSm1l9dLHGn6W2aQIk/EuJ2ZwghEx76WFYRt/07Q+eq08Ac=-----END ED25519 CERT-----master-key-ed25519 SSKaHM5EnZaraEh3v5WTFPuRgoOvS/0l9t7pD/QOXNYor-address [2607:5300:201:3000::da8]:443platform Tor 0.4.8.13 on Linuxproto Conflux=1 Cons=1-2 Desc=1-2 DirCache=2 FlowCtrl=1-2 HSDir=2 HSIntro=4-5 HSRend=1-2 Link=1-5 LinkAuth=1,3 Microdesc=1-2 Padding=2 Relay=1-4published 2024-11-03 07:50:27fingerprint D731 6BF7 FD63 3DD7 474B 18C3 3E1D 5FDE B04D 26A7uptime 2bandwidth 10240000 12288000 7736320extra-info-digest 0342EC4D89BB0E872CDC5EC655A9DBD42D6EBE73 3BF+aDxc2paXGBaNl8saSbQVThd1WN9tzJlPPMPAV3gonion-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBAMBUXrPuPhu0obHDZ0Uo2UeyVltI4dEK2IdLRa/hTyHZOo3mUjgMHpotxjSdK0zc3BcoVRUBS9LvGMtQydAatDzSlRgPdMz8zyCX0/JUdbOPT9wphiIud8v/RMVgCyy7o++jwj [TRUNCATED]
Nov 3, 2024 09:37:58.896769047 CET | 1236 | IN |
                                                                                                              Data Ascii: MBAAE=-----END RSA PUBLIC KEY-----signing-key-----BEGIN RSA PUBLIC KEY-----MIGJAoGBALoP649ohp89ugh4Wz1+x3MMqDeb9jZziUH9/MQz3kCGuAJsrWAnZuL/5+9W2HG9HQ12p0pt5NXsGInzbZNpnh6ZQPhmSJ/fjc/1rm7dw2r1zs4BRr8U2xSacKrQjv5ITaZnjaOm4YKgdzdMQx51C7r6uJ
Nov 3, 2024 09:37:58.896778107 CET | 42 | IN |
                                                                                                              Data Ascii: YUX2DVss75DegvWc=-----END SIGNATURE-----


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 104.26.12.205 | 443 | 7288 | C:\Users\user\Desktop\Payload 94.75 (4).225.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-03 08:36:06 UTC | 39 | OUT | GET / HTTP/1.0
Host: api.ipify.org
2024-11-03 08:36:06 UTC | 1 | OUT | Data Raw: 00
                                                                                                              Data Ascii:



                                                                                                              Target ID:0
                                                                                                              Start time:03:35:59
                                                                                                              Start date:03/11/2024
                                                                                                              Path:C:\Users\user\Desktop\Payload 94.75 (4).225.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\Payload 94.75 (4).225.exe"
                                                                                                              Imagebase:0x400000
                                                                                                              File size:624'143 bytes
                                                                                                              MD5 hash:987A79C800F109491DCBFBC589F940F2
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: Windows_Trojan_Kronos_cdd2e2c5, Description: Strings used by the Kronos banking trojan and variants., Source: 00000000.00000002.2509988419.0000000005900000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Windows_Trojan_Kronos_cdd2e2c5, Description: Strings used by the Kronos banking trojan and variants., Source: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:low
                                                                                                              Has exited:false

                                                                                                              Target ID:7
                                                                                                              Start time:03:36:01
                                                                                                              Start date:03/11/2024
                                                                                                              Path:C:\Users\user\AppData\Local\Temp\GetX64BTIT.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Users\user~1\AppData\Local\Temp\GetX64BTIT.exe"
                                                                                                              Imagebase:0x7ff688410000
                                                                                                              File size:3'584 bytes
                                                                                                              MD5 hash:B4CD27F2B37665F51EB9FE685EC1D373
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Antivirus matches:
                                                                                                              • Detection: 58%, ReversingLabs
                                                                                                              Reputation:moderate
                                                                                                              Has exited:true


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:8.7%
                                                                                                                Dynamic/Decrypted Code Coverage:95.9%
                                                                                                                Signature Coverage:13.9%
                                                                                                                Total number of Nodes:1523
                                                                                                                Total number of Limit Nodes:97
5866012 30528->30529 30530 586604e 30529->30530 30531 5865d6a 2 API calls 30529->30531 30533 5865d58 NtClose 30530->30533 30530->30535 30532 586602b 30531->30532 30532->30530 30534 5866032 wcslen 30532->30534 30533->30535 30592 5865da4 RtlInitUnicodeString 30534->30592 30535->30233 30537->30225 30539 5865f51 30538->30539 30541 5865f75 30538->30541 30542 586677d _vsnwprintf 30539->30542 30540 5865fd7 30540->30520 30541->30540 30558 5865b86 30541->30558 30548 5865f70 30542->30548 30545 586682b 4 API calls 30546 5865fb4 30545->30546 30547 586677d _vsnwprintf 30546->30547 30547->30548 30548->30520 30577 5866679 RtlInitUnicodeString 30549->30577 30551 5865d80 NtCreateKey 30551->30523 30578 5865dd8 RtlInitUnicodeString 30552->30578 30556 5865d5f NtClose 30555->30556 30557 5865d69 30555->30557 30556->30557 30557->30522 30559 5865ba7 GetCurrentProcess OpenProcessToken 30558->30559 30572 5865c4d 30558->30572 30560 5865c1c 30559->30560 30561 5865bbe GetTokenInformation GetLastError 30559->30561 30562 5865c35 30560->30562 30563 5865c2c CloseHandle 30560->30563 30561->30560 30564 5865bdf 30561->30564 30565 5865c43 30562->30565 30566 5865c3a LocalFree 30562->30566 30563->30562 30567 5863dc7 2 API calls 30564->30567 30565->30572 30576 5863df7 RtlFreeHeap 30565->30576 30566->30565 30568 5865be7 GetTokenInformation 30567->30568 30568->30560 30570 5865bfd ConvertSidToStringSidA 30568->30570 30570->30560 30571 5865c0c 30570->30571 30574 586674e _vsnprintf 30571->30574 30572->30540 30572->30545 30575 5866770 30574->30575 30575->30560 30576->30572 30577->30551 30588 5863db4 RtlAllocateHeap 30578->30588 30580 5865e1a NtQueryValueKey 30581 5865df9 30580->30581 30585 5865e36 __fprintf_l 30580->30585 30581->30580 30582 5865e79 30581->30582 30589 5863de0 RtlReAllocateHeap 30581->30589 30591 5863df7 RtlFreeHeap 30582->30591 30587 5865e6f 30585->30587 30590 5863df7 RtlFreeHeap 30585->30590 30587->30519 30588->30581 30589->30581 30590->30587 30591->30587 30595 58662e9 30592->30595 30596 
58662f7 30595->30596 30599 58661e2 LdrInitializeThunk 30596->30599 30601 58661f4 30599->30601 30602 58661fd 30601->30602 30603->30289 30605 58587bc 30604->30605 30606 58548c7 3 API calls 30605->30606 30607 58587cb 30606->30607 30608 5854966 5 API calls 30607->30608 30609 58587d2 30608->30609 30609->30292 30610->30301 30611->30305 30613 585c97c ExitThread 30612->30613 30615 585c85b 30612->30615 30614 585c951 ResetEvent WaitForSingleObject 30614->30615 30617 585c978 30614->30617 30615->30614 30616 585c884 EnterCriticalSection 30615->30616 30619 585c8e9 LeaveCriticalSection 30615->30619 30624 585c8cc memcmp 30615->30624 30625 585c933 LeaveCriticalSection 30615->30625 30626 586766b 8 API calls 30615->30626 30627 58414b0 10 API calls 30615->30627 30628 5867271 30615->30628 30632 5841500 GetProcessHeap RtlFreeHeap GetProcessHeap RtlFreeHeap moneypunct 30615->30632 30616->30615 30617->30613 30619->30615 30620 585c8f9 EnterCriticalSection 30619->30620 30620->30615 30624->30615 30625->30615 30626->30615 30627->30615 30629 5867277 30628->30629 30630 586727d 30628->30630 30633 5865649 GetProcessHeap RtlFreeHeap 30629->30633 30630->30615 30632->30615 30633->30630 30644 5855f12 30634->30644 30636 5862a95 30648 58627ff CreateFileW 30636->30648 30640 5862ab6 30640->30315 30642 585b5f1 30641->30642 30643 585bece CloseHandle 30641->30643 30663 585be9a 30641->30663 30642->30322 30643->30642 30645 5855f40 memcpy memcpy memcpy 30644->30645 30646 5855f3d 30644->30646 30647 5855f85 30645->30647 30646->30645 30647->30636 30649 5862897 30648->30649 30650 586282b GetFileSize 30648->30650 30649->30640 30660 5865649 GetProcessHeap RtlFreeHeap 30649->30660 30651 586283a 30650->30651 30652 5862869 CloseHandle 30650->30652 30661 5865632 GetProcessHeap RtlAllocateHeap 30651->30661 30653 5862877 30652->30653 30654 5862889 30652->30654 30653->30649 30654->30649 30662 5865649 GetProcessHeap RtlFreeHeap 30654->30662 30656 5862843 30656->30652 30657 586284b ReadFile 30656->30657 30657->30652 30659 
586285d 30657->30659 30659->30652 30660->30640 30661->30656 30662->30653 30666 583f8a0 30663->30666 30665 585beb1 30667 583f8af 30666->30667 30668 583f8b4 30666->30668 30730 583e4d0 30667->30730 30737 583e960 30668->30737 30671 583f8d4 30672 583f8d8 30671->30672 30673 583f906 30671->30673 30674 583f90d 30671->30674 30672->30665 30844 5840910 18 API calls moneypunct 30673->30844 30845 5840890 18 API calls moneypunct 30674->30845 30677 583f90b 30714 583fa94 30677->30714 30747 58433c0 30677->30747 30678 583faa4 30682 583fab7 CloseHandle 30678->30682 30683 583faca 30678->30683 30680 583e4d0 15 API calls 30680->30678 30681 583f92f 30684 583f937 30681->30684 30685 583f964 30681->30685 30682->30683 30686 583fac2 30682->30686 30687 583fad4 OpenEventA 30683->30687 30846 5845380 InitializeCriticalSection Sleep InitializeCriticalSection GetProcessHeap RtlAllocateHeap 30684->30846 30757 5844f40 EnterCriticalSection 30685->30757 30686->30687 30690 583faf6 30687->30690 30691 583fae8 SetEvent CloseHandle 30687->30691 30690->30665 30691->30690 30692 583f970 30759 5844e70 30692->30759 30693 583f93c 30847 5845380 InitializeCriticalSection Sleep InitializeCriticalSection GetProcessHeap RtlAllocateHeap 30693->30847 30696 583f978 30698 583fa2b 30696->30698 30775 583e7e0 30696->30775 30697 583f946 30699 5844f40 2 API calls 30697->30699 30851 5844e10 DeleteCriticalSection 30698->30851 30702 583f957 30699->30702 30702->30685 30704 583fa30 30706 583fa8e 30704->30706 30710 583fa41 EnterCriticalSection 30704->30710 30711 583fa79 30704->30711 30705 583fa1a 30850 5848710 8 API calls 30705->30850 30852 586561b GetProcessHeap RtlFreeHeap 30706->30852 30710->30711 30712 583fa55 LeaveCriticalSection DeleteCriticalSection 30710->30712 30711->30706 30713 583fa83 LeaveCriticalSection 30711->30713 30712->30706 30713->30706 30714->30678 30714->30680 30715 583fa1f 30715->30698 30717 583f9a0 CreateEventA 30718 583fa15 30717->30718 30720 583f9b5 CreateEventA 30717->30720 30849 583e8a0 6 API calls 
30718->30849 30721 583f9e9 GetLastError 30720->30721 30722 583f9c8 30720->30722 30723 583f9f4 30721->30723 30798 583f7e0 CreateToolhelp32Snapshot 30722->30798 30848 583e400 InterlockedDecrement SetEvent 30723->30848 30726 583f9cd 30810 583f2f0 QueryPerformanceFrequency 30726->30810 30728 583f9f9 WaitForSingleObject CloseHandle 30728->30718 30853 583e430 memset 30730->30853 30732 583e4e9 PathCombineA 30733 583e430 12 API calls 30732->30733 30734 583e506 PathCombineA 30733->30734 30735 583e430 12 API calls 30734->30735 30736 583e51d PathCombineA 30735->30736 30736->30668 30738 583e969 30737->30738 30739 583e96e 30737->30739 30740 583e4d0 15 API calls 30738->30740 30741 583e981 CreateMutexA 30739->30741 30742 583e9c6 30739->30742 30740->30739 30741->30742 30743 583e999 GetLastError 30741->30743 30742->30671 30744 583e9a6 30743->30744 30745 583e9ac 30743->30745 30744->30671 30745->30742 30746 583e9b5 CloseHandle 30745->30746 30746->30742 30748 58433d0 EnterCriticalSection 30747->30748 30749 58433dc 30747->30749 30748->30749 30750 58433e0 30749->30750 30751 5843408 30749->30751 30752 58433e4 LeaveCriticalSection DeleteCriticalSection 30750->30752 30753 584342d 30750->30753 30751->30753 30754 584340c InitializeCriticalSection EnterCriticalSection 30751->30754 30752->30681 30755 5843456 30753->30755 30756 584344b LeaveCriticalSection 30753->30756 30754->30753 30755->30681 30756->30755 30758 5844f79 LeaveCriticalSection 30757->30758 30758->30692 30760 5844eb0 inet_addr 30759->30760 30761 5844e83 30759->30761 30763 5844ec7 30760->30763 30867 5845380 InitializeCriticalSection Sleep InitializeCriticalSection GetProcessHeap RtlAllocateHeap 30761->30867 30766 5844ef9 Sleep 30763->30766 30768 58485e0 41 API calls 30763->30768 30772 5844ef4 30763->30772 30773 5844f1a 30763->30773 30764 5844e88 30868 5845380 InitializeCriticalSection Sleep InitializeCriticalSection GetProcessHeap RtlAllocateHeap 30764->30868 30766->30763 30769 5844f08 30766->30769 30767 5844e92 30770 5844f40 2 API 
calls 30767->30770 30768->30763 30769->30696 30771 5844ea3 30770->30771 30771->30760 30869 5848710 8 API calls 30772->30869 30773->30696 30870 583e650 30775->30870 30778 583e829 30780 583e833 GetNativeSystemInfo 30778->30780 30781 583e898 30778->30781 30783 583e893 30780->30783 30784 583e85f 30780->30784 30781->30705 30792 583f650 memset GetVersionExA 30781->30792 30782 583e814 GetProcessHeap HeapFree 30919 5841bf0 GetModuleHandleA GetProcAddress 30782->30919 30915 583e540 GetCurrentProcess WriteProcessMemory 30783->30915 30887 583e760 30784->30887 30790 583e87e GetProcessHeap RtlFreeHeap 30902 5841f30 30790->30902 30793 583f6b1 GetNativeSystemInfo 30792->30793 30794 583f6a7 30792->30794 30795 583f6d8 GetCurrentProcessId 30793->30795 30796 583f6e8 30793->30796 30794->30793 30977 583ea50 30795->30977 30796->30717 30796->30718 30799 583f810 Process32FirstW 30798->30799 30800 583f804 CloseHandle 30798->30800 30801 583f822 30799->30801 30802 583f890 CloseHandle 30799->30802 30800->30726 30803 583f830 GetCurrentProcessId 30801->30803 30802->30726 30804 583f83a lstrcmpiW 30803->30804 30805 583f84c Process32NextW 30803->30805 30804->30805 30806 583f86c OpenProcess 30804->30806 30805->30803 30807 583f85e CloseHandle 30805->30807 30808 583f885 TerminateProcess 30806->30808 30809 583f88e 30806->30809 30807->30726 30808->30809 30809->30802 30821 583f333 30810->30821 30811 583f38a QueryPerformanceCounter QueryPerformanceCounter 30813 5845950 26 API calls 30811->30813 30813->30821 30814 583f347 InterlockedIncrement CreateThread 30815 583f383 CloseHandle 30814->30815 30816 583f366 InterlockedDecrement 30814->30816 31004 583f1e0 30814->31004 30815->30811 30816->30811 30817 583f375 SetEvent 30816->30817 30817->30811 30818 583f3c5 Sleep 30818->30821 30819 583f3b9 WaitForSingleObject 30819->30821 30820 583f555 GetProcessHeap RtlReAllocateHeap 30820->30821 30839 583f474 30820->30839 30821->30811 30821->30818 30821->30819 30821->30820 30822 583f59b GetProcessHeap HeapAlloc 
30821->30822 30826 583f5de memcpy 30821->30826 30827 583f5ff WaitForSingleObject 30821->30827 30829 583f45a memset 30821->30829 30821->30839 30982 5845950 30821->30982 30822->30821 30825 583f5b4 Sleep GetProcessHeap HeapAlloc 30822->30825 30824 583f570 Sleep GetProcessHeap HeapReAlloc 30824->30824 30824->30839 30825->30821 30825->30825 30826->30821 30827->30821 30828 583f611 30827->30828 30831 583f630 30828->30831 30832 583f625 GetProcessHeap HeapFree 30828->30832 30830 583f47a WideCharToMultiByte 30829->30830 30829->30839 30830->30839 30834 583f643 CloseHandle 30831->30834 30835 583f638 GetProcessHeap HeapFree 30831->30835 30832->30831 30834->30723 30835->30834 30836 583f4cb InterlockedIncrement CreateThread 30837 583f4ea InterlockedDecrement 30836->30837 30838 583f52d CloseHandle 30836->30838 31017 583f140 92 API calls moneypunct 30836->31017 30837->30839 30840 583f4f9 SetEvent 30837->30840 30838->30839 30839->30821 30839->30822 30839->30824 30839->30836 30842 583f525 Sleep 30839->30842 30843 583f51c WaitForSingleObject 30839->30843 31000 583eba0 19 API calls 30839->31000 31001 583fcf0 Sleep memset WideCharToMultiByte GetProcessHeap RtlAllocateHeap 30839->31001 31002 586561b GetProcessHeap RtlFreeHeap 30839->31002 30840->30839 30842->30839 30843->30839 30844->30677 30845->30677 30846->30693 30847->30697 30848->30728 30849->30705 30850->30715 30851->30704 30852->30714 30856 583fe50 30853->30856 30857 583fe99 30856->30857 30859 583fe61 30856->30859 30858 583fea5 GetModuleHandleA GetProcAddress 30857->30858 30861 583febe GetModuleHandleA GetProcAddress 30858->30861 30859->30859 30860 583fe6d GetModuleHandleA GetProcAddress 30859->30860 30862 583fe92 30860->30862 30863 583fedb 30861->30863 30862->30858 30864 583ff04 GetModuleHandleA GetProcAddress 30863->30864 30865 583e456 memset StringFromGUID2 WideCharToMultiByte 30863->30865 30866 583ff25 30864->30866 30865->30732 30866->30864 30866->30865 30867->30764 30868->30767 30869->30766 30920 583e5c0 GetProcessHeap 
RtlAllocateHeap 30870->30920 30872 583e6c6 30872->30778 30879 5842200 GetCurrentProcess VirtualAllocEx 30872->30879 30873 583e664 30873->30872 30874 583e6b5 GetProcessHeap HeapFree 30873->30874 30925 58454d0 GetProcessHeap RtlAllocateHeap 30873->30925 30874->30872 30876 583e683 30876->30874 30877 583e6b0 30876->30877 30878 583e69c GetProcessHeap HeapFree 30876->30878 30877->30874 30878->30874 30880 5842276 memcpy 30879->30880 30881 5842250 VirtualAllocEx 30879->30881 30884 58422f3 30880->30884 30885 584229b memcpy 30880->30885 30882 5842274 30881->30882 30883 584226d 30881->30883 30882->30880 30883->30782 30884->30782 30885->30884 30929 583e6d0 GetProcessHeap HeapAlloc 30887->30929 30889 583e774 30890 583e7d6 30889->30890 30891 583e7c5 GetProcessHeap HeapFree 30889->30891 30892 58454d0 5 API calls 30889->30892 30890->30783 30896 5842130 GetCurrentProcess VirtualAllocEx 30890->30896 30891->30890 30893 583e793 30892->30893 30893->30891 30894 583e7c0 30893->30894 30895 583e7ac GetProcessHeap HeapFree 30893->30895 30894->30891 30895->30891 30897 5842174 30896->30897 30898 584217b memcpy 30896->30898 30897->30790 30899 58421f4 30898->30899 30900 584219d memcpy 30898->30900 30899->30790 30900->30899 30934 5841c50 30902->30934 30904 5841f55 GetProcessHeap HeapAlloc 30905 5841f79 30904->30905 30906 5841f9a 30904->30906 30907 5841f80 Sleep GetProcessHeap HeapAlloc 30905->30907 30908 5841fa5 ExpandEnvironmentStringsW 30906->30908 30914 5841fd4 30906->30914 30907->30906 30907->30907 30942 5841cf0 CreateFileW 30908->30942 30910 5841fdf GetProcessHeap HeapFree 30911 5841feb DeleteFileW GetProcessHeap HeapFree 30910->30911 30911->30783 30914->30910 30914->30911 30916 583e584 30915->30916 30917 583e57c 30915->30917 30916->30917 30918 583e58e GetCurrentProcess WriteProcessMemory 30916->30918 30917->30781 30918->30917 30919->30778 30921 583e60a memcpy 30920->30921 30922 583e5ed 30920->30922 30924 583e628 30921->30924 30923 583e5f0 Sleep GetProcessHeap HeapAlloc 30922->30923 
30923->30921 30923->30923 30924->30873 30926 5845504 30925->30926 30927 58454ea 30925->30927 30926->30876 30928 58454f0 Sleep GetProcessHeap HeapAlloc 30927->30928 30928->30926 30928->30928 30930 583e71a memcpy 30929->30930 30931 583e6fd 30929->30931 30933 583e738 30930->30933 30932 583e700 Sleep GetProcessHeap HeapAlloc 30931->30932 30932->30930 30932->30932 30933->30889 30935 58454d0 5 API calls 30934->30935 30936 5841c66 30935->30936 30937 5841cc2 GetProcessHeap HeapFree 30936->30937 30938 58454d0 5 API calls 30936->30938 30937->30904 30940 5841c9c 30938->30940 30940->30937 30941 5841cb2 GetProcessHeap HeapFree 30940->30941 30941->30937 30943 5841d15 WriteFile 30942->30943 30944 5841d3b 30942->30944 30945 5841d34 CloseHandle 30943->30945 30946 5841d2a 30943->30946 30944->30914 30948 5841df0 memset CreateProcessW 30944->30948 30945->30944 30946->30945 30947 5841d2f 30946->30947 30947->30945 30949 5841e43 30948->30949 30950 5841e3c 30948->30950 30951 58454d0 5 API calls 30949->30951 30950->30914 30952 5841e4d ExpandEnvironmentStringsW 30951->30952 30953 5841e70 Sleep 30952->30953 30961 5841d50 CreateFileW 30953->30961 30955 5841e8e 30955->30953 30956 5841eb2 30955->30956 30957 5841ead DeleteFileW GetProcessHeap HeapFree CloseHandle CloseHandle 30955->30957 30973 5865649 GetProcessHeap RtlFreeHeap 30955->30973 30974 5865649 GetProcessHeap RtlFreeHeap 30956->30974 30957->30914 30962 5841d77 GetFileSize 30961->30962 30972 5841de4 30961->30972 30963 5841d86 30962->30963 30964 5841db8 CloseHandle 30962->30964 30975 5865632 GetProcessHeap RtlAllocateHeap 30963->30975 30965 5841dc4 30964->30965 30966 5841dda 30964->30966 30965->30955 30966->30972 30976 5865649 GetProcessHeap RtlFreeHeap 30966->30976 30968 5841d8d 30968->30964 30969 5841d96 ReadFile 30968->30969 30969->30964 30971 5841dab 30969->30971 30971->30964 30972->30955 30973->30955 30974->30957 30975->30968 30976->30972 30978 583ea83 OpenProcess 30977->30978 30979 583ea5d GetModuleHandleA GetProcAddress 
30977->30979 30980 583ea7d 30978->30980 30981 583ea98 NtQueryInformationProcess 30978->30981 30979->30978 30979->30980 30980->30796 30981->30980 30983 5845960 30982->30983 30984 584597b 30982->30984 31003 5845510 GetProcessHeap HeapReAlloc Sleep GetProcessHeap HeapReAlloc 30983->31003 30986 58454d0 5 API calls 30984->30986 30988 5845988 30986->30988 30987 584596e 30987->30988 30989 5845ab3 30988->30989 30990 584599b GetModuleHandleA GetProcAddress NtQuerySystemInformation 30988->30990 30989->30814 30991 5845aa5 30990->30991 30997 58459c9 30990->30997 30991->30814 30992 58459e1 GetProcessHeap RtlReAllocateHeap 30993 58459fb 30992->30993 30992->30997 30996 5845a00 Sleep GetProcessHeap HeapReAlloc 30993->30996 30994 5845a34 30995 5845a39 GetProcessHeap HeapAlloc 30994->30995 30994->30997 30998 5845a50 Sleep GetProcessHeap HeapAlloc 30994->30998 30995->30994 30996->30996 30996->30997 30997->30989 30997->30992 30997->30994 30997->30995 30999 5845a77 GetModuleHandleA GetProcAddress NtQuerySystemInformation 30997->30999 30998->30994 30998->30998 30999->30991 30999->30997 31000->30839 31001->30839 31002->30839 31003->30987 31005 5845950 26 API calls 31004->31005 31006 583f203 31005->31006 31007 583f2a9 InterlockedDecrement 31006->31007 31014 583f223 31006->31014 31008 583f2c4 31007->31008 31009 583f2b8 SetEvent 31007->31009 31010 583f2d7 31008->31010 31011 583f2c8 GetProcessHeap RtlFreeHeap 31008->31011 31009->31008 31011->31010 31013 5845850 memset WideCharToMultiByte 31013->31014 31014->31013 31016 583f2a3 31014->31016 31018 583eba0 19 API calls 31014->31018 31019 583f090 98 API calls 31014->31019 31016->31007 31018->31014 31019->31014 31021 585c445 31020->31021 31022 585c48f ExitThread 31020->31022 31023 585c477 GetMessageW 31021->31023 31026 585c463 TranslateMessage DispatchMessageW 31021->31026 31024 585c486 UnhookWindowsHookEx 31023->31024 31025 585c44d WaitForSingleObject 31023->31025 31024->31022 31025->31021 31025->31024 31026->31023 31056 5862c4d GetTickCount 
RtlRandom 31027->31056 31029 5862c80 31029->30333 31057 5869864 31030->31057 31032 5869299 31032->30340 31070 5865604 GetProcessHeap RtlAllocateHeap 31033->31070 31035 5869079 31036 586909b 31035->31036 31084 586a3ff strlen 31035->31084 31071 586b2cc 31036->31071 31038 5869094 31085 5868d06 6 API calls 31038->31085 31051 58637fa 31042->31051 31045 586390f GetTickCount 31052 58638a5 31045->31052 31046 586392d Sleep 31046->31051 31048 5863855 GetTickCount 31048->31051 31050 5863879 Sleep 31050->31048 31050->31051 31051->31045 31051->31046 31051->31048 31051->31050 31051->31052 31417 5862f9f 31051->31417 31425 585381f EnterCriticalSection 31051->31425 31428 5863202 31051->31428 31052->31046 31052->31051 31456 5863541 205 API calls moneypunct 31052->31456 31457 5866877 7 API calls moneypunct 31052->31457 31054 58638b3 GetTickCount 31054->31051 31055->30341 31056->31029 31058 5869871 LoadLibraryA GetProcAddress 31057->31058 31059 5869e7f 31057->31059 31060 5869896 LoadLibraryA GetProcAddress 31058->31060 31059->31032 31061 58698ba 49 API calls 31060->31061 31062 5869c2d LoadLibraryA 31061->31062 31063 5869bfa GetProcAddress GetProcAddress GetProcAddress 31061->31063 31064 5869c42 15 API calls 31062->31064 31065 5869d41 LoadLibraryA 31062->31065 31063->31062 31064->31065 31066 5869d50 GetProcAddress 31065->31066 31067 5869d61 LoadLibraryA 31065->31067 31066->31067 31068 5869d76 15 API calls 31067->31068 31069 5869e75 31067->31069 31068->31069 31069->31059 31070->31035 31086 5865604 GetProcessHeap RtlAllocateHeap 31071->31086 31073 586b2de ordered_message_processor 31074 586b306 31073->31074 31087 586e8f5 31073->31087 31091 586ac1d GetProcessHeap RtlAllocateHeap GetProcessHeap RtlFreeHeap memmove 31074->31091 31076 586b32c 31092 586561b GetProcessHeap RtlFreeHeap 31076->31092 31079 586b33f 31093 5865604 GetProcessHeap RtlAllocateHeap 31079->31093 31081 586b346 31082 58690a8 31081->31082 31094 586c35e 58 API calls 31081->31094 31082->30344 31084->31038 31085->31036 
31086->31073 31088 586e928 31087->31088 31095 586ea62 31088->31095 31091->31076 31092->31079 31093->31081 31094->31082 31096 586ea7b ordered_message_processor 31095->31096 31100 586ea97 ordered_message_processor 31096->31100 31121 5871b59 strlen GetFileAttributesA 31096->31121 31102 5869f36 GetProcessHeap RtlFreeHeap error_info_injector 31100->31102 31105 586eb94 31100->31105 31106 586eb67 ordered_message_processor 31100->31106 31110 586a3ff strlen 31100->31110 31111 586ebd8 31100->31111 31116 586f0cd 31100->31116 31122 5871c84 10 API calls 31100->31122 31123 586ff48 time 31100->31123 31102->31100 31128 5869f36 31105->31128 31106->31105 31127 5871d2b 8 API calls 31106->31127 31110->31100 31114 586ebef 31111->31114 31113 5869f36 error_info_injector 2 API calls 31113->31114 31114->31113 31115 586ec34 31114->31115 31131 586ec3f 31114->31131 31115->31100 31257 586ea30 31116->31257 31120 586f0f5 31120->31100 31121->31100 31122->31100 31124 586ff60 31123->31124 31125 586ff65 31123->31125 31387 5871efd WSAStartup 31124->31387 31125->31100 31127->31105 31416 586561b GetProcessHeap RtlFreeHeap 31128->31416 31130 5869f3e 31130->31074 31132 586ecb2 31131->31132 31133 586ec50 31131->31133 31174 586bed3 31132->31174 31133->31132 31134 586ec60 31133->31134 31161 586abd9 31134->31161 31138 586ecdd inet_ntoa 31149 5869eea 31138->31149 31141 586ecf2 ordered_message_processor 31152 5871d94 31141->31152 31142 586ec92 31167 586ac95 31142->31167 31144 586ec9c 31144->31138 31147 5869f36 error_info_injector 2 API calls 31148 586ed27 31147->31148 31148->31114 31177 586a0c8 31149->31177 31151 5869f06 31151->31141 31185 586a7ff 31152->31185 31158 5871de8 31217 586a847 GetProcessHeap RtlFreeHeap closesocket error_info_injector 31158->31217 31160 586ed1c 31160->31147 31241 586b39b 31161->31241 31163 586ac14 31166 586ef83 6 API calls moneypunct 31163->31166 31164 586abfd 31164->31163 31249 586acb5 GetProcessHeap RtlAllocateHeap GetProcessHeap RtlFreeHeap memmove 31164->31249 31166->31142 31253 
586561b GetProcessHeap RtlFreeHeap 31167->31253 31169 586aca0 31254 586561b GetProcessHeap RtlFreeHeap 31169->31254 31171 586aca8 31255 586561b GetProcessHeap RtlFreeHeap 31171->31255 31173 586acb0 31173->31144 31256 586bffa 31174->31256 31176 586beea CryptGenRandom 31176->31144 31178 586a0d7 strlen 31177->31178 31179 586a0e3 31177->31179 31178->31179 31182 586a2a1 31179->31182 31181 586a0ed 31181->31151 31183 586b9ae GetProcessHeap RtlAllocateHeap GetProcessHeap RtlFreeHeap memmove 31182->31183 31184 586a2b5 31183->31184 31184->31181 31186 586a810 31185->31186 31187 586a827 WSAStartup atexit 31186->31187 31188 586a843 31186->31188 31187->31188 31189 586a8bc gethostbyname 31188->31189 31190 586a8d5 31189->31190 31191 586a932 31189->31191 31190->31191 31192 586a8db htons 31190->31192 31191->31158 31198 5871e06 31191->31198 31218 586bc33 31192->31218 31194 586a903 socket 31194->31191 31195 586a920 connect 31194->31195 31195->31191 31196 586a943 31195->31196 31196->31191 31197 586a94a setsockopt 31196->31197 31197->31191 31219 586a3ff strlen 31198->31219 31200 5871e22 31220 586a184 _vsnprintf 31200->31220 31202 5871e2b 31223 586a9ee 31202->31223 31207 5871e6e 31235 586a213 31207->31235 31209 5871ea4 31210 5869f36 error_info_injector 2 API calls 31209->31210 31211 5871eac 31210->31211 31211->31158 31212 5871e75 31212->31209 31238 586a420 31212->31238 31214 5871e94 31215 5869f36 error_info_injector 2 API calls 31214->31215 31215->31209 31217->31160 31219->31200 31221 586a2a1 GetProcessHeap RtlAllocateHeap GetProcessHeap RtlFreeHeap memmove 31220->31221 31222 586a1b2 _vsnprintf 31221->31222 31222->31202 31225 586aa04 send 31223->31225 31226 586be71 send 31223->31226 31224 586aa00 31227 5869654 _chkstk 31224->31227 31225->31224 31226->31224 31230 586966c 31227->31230 31228 58696ab 31234 586a3ff strlen 31228->31234 31229 586a043 6 API calls 31229->31230 31230->31228 31230->31229 31231 586a995 recv 31230->31231 31232 586a8aa closesocket 31230->31232 31233 586be58 recv send 
memmove 31230->31233 31231->31230 31232->31230 31233->31230 31234->31207 31236 586a4fe memchr memcmp 31235->31236 31237 586a247 31236->31237 31237->31212 31239 5869eea 6 API calls 31238->31239 31240 586a433 31239->31240 31240->31214 31242 586b3e0 31241->31242 31243 586b3b2 31241->31243 31242->31164 31250 5865604 GetProcessHeap RtlAllocateHeap 31243->31250 31245 586b3c4 31251 586abbc memmove 31245->31251 31247 586b3d5 31252 586561b GetProcessHeap RtlFreeHeap 31247->31252 31249->31164 31250->31245 31251->31247 31252->31242 31253->31169 31254->31171 31255->31173 31256->31176 31289 586e869 31257->31289 31260 5871721 31294 586a3ff strlen 31260->31294 31262 5871745 31263 586a420 6 API calls 31262->31263 31264 5871755 31263->31264 31295 586a2cf 31264->31295 31267 5869f36 error_info_injector 2 API calls 31278 5871764 ordered_message_processor 31267->31278 31268 5871a5e 31268->31120 31269 586a2cf 8 API calls 31269->31278 31270 58717ed 31320 5869f1b 31270->31320 31273 5869eea 6 API calls 31273->31278 31274 5869f1b 2 API calls 31275 58717fd 31274->31275 31275->31120 31276 5869ff8 7 API calls 31276->31278 31277 586a3ff strlen 31277->31278 31278->31268 31278->31269 31278->31270 31278->31273 31278->31276 31278->31277 31282 5869f36 GetProcessHeap RtlFreeHeap error_info_injector 31278->31282 31284 5869f1b GetProcessHeap RtlFreeHeap 31278->31284 31286 586ff48 20 API calls 31278->31286 31287 586a3ae sscanf 31278->31287 31298 586f1aa 31278->31298 31305 5865604 GetProcessHeap RtlAllocateHeap 31278->31305 31306 586bf28 31278->31306 31313 586f06f 31278->31313 31325 586561b GetProcessHeap RtlFreeHeap 31278->31325 31326 586ff88 sscanf _mkgmtime 31278->31326 31282->31278 31284->31278 31286->31278 31287->31278 31290 586e872 31289->31290 31291 586e883 31290->31291 31293 586561b GetProcessHeap RtlFreeHeap 31290->31293 31291->31260 31293->31290 31294->31262 31327 586a639 31295->31327 31348 5871eb3 31298->31348 31300 586f1d3 31351 586b9ae 31300->31351 31302 586f1e4 31303 5871eb3 

Control-flow Graph

APIs
• LoadLibraryA.KERNEL32(kernel32.dll,LoadLibraryA,?,053E5F08,?,05869299,05863A31,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026), ref: 0586987F
• GetProcAddress.KERNEL32(00000000), ref: 0586988C
• LoadLibraryA.KERNEL32(msvcrt.dll,?,05869299,05863A31,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026), ref: 0586989D
• GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 058698AB
• GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 058698C5
• GetProcAddress.KERNEL32(00000000,WriteFile), ref: 058698D6
• GetProcAddress.KERNEL32(00000000,SetFilePointer), ref: 058698E7
• GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 058698F8
• GetProcAddress.KERNEL32(00000000,vsnprintf), ref: 05869909
• GetProcAddress.KERNEL32(00000000,strlen), ref: 0586991A
• GetProcAddress.KERNEL32(00000000,ExitProcess), ref: 0586992B
• GetProcAddress.KERNEL32(00000000,HeapAlloc), ref: 0586993C
• GetProcAddress.KERNEL32(00000000,HeapReAlloc), ref: 0586994D
• GetProcAddress.KERNEL32(00000000,HeapFree), ref: 0586995E
• GetProcAddress.KERNEL32(00000000,GetProcessHeap), ref: 0586996F
• GetProcAddress.KERNEL32(00000000,GetStdHandle), ref: 05869980
• GetProcAddress.KERNEL32(00000000,GetConsoleScreenBufferInfo), ref: 05869991
• GetProcAddress.KERNEL32(00000000,SetConsoleTextAttribute), ref: 058699A2
• GetProcAddress.KERNEL32(00000000,GetLocalTime), ref: 058699B3
• GetProcAddress.KERNEL32(00000000,GetTickCount), ref: 058699C4
• GetProcAddress.KERNEL32(00000000,GetFileAttributesA), ref: 058699D5
• GetProcAddress.KERNEL32(00000000,FlushFileBuffers), ref: 058699E6
• GetProcAddress.KERNEL32(00000000,GetFileSize), ref: 058699F7
• GetProcAddress.KERNEL32(00000000,ReadFile), ref: 05869A08
• GetProcAddress.KERNEL32(00000000,FindFirstFileA), ref: 05869A19
• GetProcAddress.KERNEL32(00000000,FindNextFileA), ref: 05869A2A
• GetProcAddress.KERNEL32(00000000,WaitForSingleObject), ref: 05869A3B
• GetProcAddress.KERNEL32(00000000,SetEvent), ref: 05869A4C
• GetProcAddress.KERNEL32(00000000,ResetEvent), ref: 05869A5D
• GetProcAddress.KERNEL32(00000000,CreateEventA), ref: 05869A6E
• GetProcAddress.KERNEL32(00000000,WaitForMultipleObjects), ref: 05869A7F
• GetProcAddress.KERNEL32(00000000,InitializeCriticalSection), ref: 05869A90
• GetProcAddress.KERNEL32(00000000,DeleteCriticalSection), ref: 05869AA1
• GetProcAddress.KERNEL32(00000000,EnterCriticalSection), ref: 05869AB2
• GetProcAddress.KERNEL32(00000000,LeaveCriticalSection), ref: 05869AC3
• GetProcAddress.KERNEL32(00000000,Sleep), ref: 05869AD4
• GetProcAddress.KERNEL32(00000000,CreateThread), ref: 05869AE5
• GetProcAddress.KERNEL32(00000000,TerminateThread), ref: 05869AF6
• GetProcAddress.KERNEL32(00000000,GetCurrentThread), ref: 05869B07
• GetProcAddress.KERNEL32(00000000,GetCurrentThreadId), ref: 05869B18
• GetProcAddress.KERNEL32(00000000,sscanf), ref: 05869B2A
• GetProcAddress.KERNEL32(00000000,sprintf), ref: 05869B3C
• GetProcAddress.KERNEL32(00000000,vprintf), ref: 05869B4D
• GetProcAddress.KERNEL32(00000000,sscanf), ref: 05869B5A
• GetProcAddress.KERNEL32(00000000,vsnprintf), ref: 05869B6B
• GetProcAddress.KERNEL32(00000000,sprintf), ref: 05869B78
• GetProcAddress.KERNEL32(00000000,atexit), ref: 05869B89
• GetProcAddress.KERNEL32(00000000,memchr), ref: 05869B9A
• GetProcAddress.KERNEL32(00000000,memcmp), ref: 05869BAB
• GetProcAddress.KERNEL32(00000000,memmove), ref: 05869BBC
• GetProcAddress.KERNEL32(00000000,time), ref: 05869BCD
• GetProcAddress.KERNEL32(00000000,_mkgmtime), ref: 05869BDE
• LoadLibraryA.KERNEL32(crypt32.dll,?,05869299,05863A31,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026), ref: 05869BEE
• GetProcAddress.KERNEL32(00000000,CryptStringToBinaryA), ref: 05869C00
• GetProcAddress.KERNEL32(00000000,CryptBinaryToStringA), ref: 05869C11
• GetProcAddress.KERNEL32(00000000,CryptDecodeObject), ref: 05869C22
• LoadLibraryA.KERNEL32(ws2_32.dll,?,05869299,05863A31,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026), ref: 05869C32
• GetProcAddress.KERNEL32(00000000,socket), ref: 05869C48
• GetProcAddress.KERNEL32(00000000,connect), ref: 05869C59
• GetProcAddress.KERNEL32(00000000,send), ref: 05869C6A
• GetProcAddress.KERNEL32(00000000,recv), ref: 05869C7B
• GetProcAddress.KERNEL32(00000000,closesocket), ref: 05869C8C
• GetProcAddress.KERNEL32(00000000,htons), ref: 05869C9D
• GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 05869CAE
• GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 05869CBF
• GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 05869CD0
• GetProcAddress.KERNEL32(00000000,inet_ntoa), ref: 05869CE1
• GetProcAddress.KERNEL32(00000000,inet_addr), ref: 05869CF2
• GetProcAddress.KERNEL32(00000000,setsockopt), ref: 05869D03
• GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 05869D14
• GetProcAddress.KERNEL32(00000000,freeaddrinfo), ref: 05869D25
• GetProcAddress.KERNEL32(00000000,shutdown), ref: 05869D36
• LoadLibraryA.KERNELBASE(secur32.dll,?,05869299,05863A31,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026), ref: 05869D46
• GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceA), ref: 05869D56
• LoadLibraryA.KERNEL32(advapi32.dll,?,05869299,05863A31,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026), ref: 05869D66
• GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 05869D7C
• GetProcAddress.KERNEL32(00000000,CryptGenRandom), ref: 05869D8D
• GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 05869D9E
• GetProcAddress.KERNEL32(00000000,CryptSetKeyParam), ref: 05869DAF
• GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 05869DC0
• GetProcAddress.KERNEL32(00000000,CryptDecrypt), ref: 05869DD1
• GetProcAddress.KERNEL32(00000000,CryptHashData), ref: 05869DE2
• GetProcAddress.KERNEL32(00000000,CryptGetHashParam), ref: 05869DF3
• GetProcAddress.KERNEL32(00000000,CryptDestroyHash), ref: 05869E04
• GetProcAddress.KERNEL32(00000000,CryptCreateHash), ref: 05869E15
• GetProcAddress.KERNEL32(00000000,CryptImportKey), ref: 05869E26
• GetProcAddress.KERNEL32(00000000,CryptDuplicateHash), ref: 05869E37
• GetProcAddress.KERNEL32(00000000,CryptSetHashParam), ref: 05869E48
• GetProcAddress.KERNEL32(00000000,CryptDestroyKey), ref: 05869E59
• GetProcAddress.KERNEL32(00000000,CryptExportKey), ref: 05869E6A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                • String ID: CloseHandle$CreateEventA$CreateFileA$CreateThread$CryptAcquireContextA$CryptBinaryToStringA$CryptCreateHash$CryptDecodeObject$CryptDecrypt$CryptDestroyHash$CryptDestroyKey$CryptDuplicateHash$CryptEncrypt$CryptExportKey$CryptGenRandom$CryptGetHashParam$CryptHashData$CryptImportKey$CryptReleaseContext$CryptSetHashParam$CryptSetKeyParam$CryptStringToBinaryA$DeleteCriticalSection$EnterCriticalSection$ExitProcess$FindFirstFileA$FindNextFileA$FlushFileBuffers$GetConsoleScreenBufferInfo$GetCurrentThread$GetCurrentThreadId$GetFileAttributesA$GetFileSize$GetLocalTime$GetProcAddress$GetProcessHeap$GetStdHandle$GetTickCount$HeapAlloc$HeapFree$HeapReAlloc$InitSecurityInterfaceA$InitializeCriticalSection$LeaveCriticalSection$LoadLibraryA$ReadFile$ResetEvent$SetConsoleTextAttribute$SetEvent$SetFilePointer$Sleep$TerminateThread$WSACleanup$WSAStartup$WaitForMultipleObjects$WaitForSingleObject$WriteFile$_mkgmtime$advapi32.dll$atexit$closesocket$connect$crypt32.dll$freeaddrinfo$getaddrinfo$gethostbyname$htons$inet_addr$inet_ntoa$kernel32.dll$memchr$memcmp$memmove$msvcrt.dll$recv$secur32.dll$send$setsockopt$shutdown$socket$sprintf$sscanf$strlen$time$vprintf$vsnprintf$ws2_32.dll

                                                                                                                APIs
                                                                                                                  • Part of subcall function 05866A54: GetSidLengthRequired.ADVAPI32(00000001), ref: 05866A9A
                                                                                                                  • Part of subcall function 05866A54: LocalAlloc.KERNEL32(00000040,00000000), ref: 05866AA3
                                                                                                                  • Part of subcall function 05866A54: InitializeSid.ADVAPI32(00000000,?,00000001), ref: 05866AB1
                                                                                                                  • Part of subcall function 05866A54: GetSidSubAuthority.ADVAPI32(00000000,00000000), ref: 05866AB9
                                                                                                                  • Part of subcall function 05866A54: InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 05866AC6
                                                                                                                  • Part of subcall function 05866A54: SetSecurityDescriptorGroup.ADVAPI32(?,00000000,00000001), ref: 05866AD2
                                                                                                                  • Part of subcall function 05866A54: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 05866ADF
                                                                                                                  • Part of subcall function 05866A54: memset.NTDLL ref: 05866AEC
                                                                                                                  • Part of subcall function 05866A54: SetLastError.KERNEL32(00000000), ref: 05866B05
                                                                                                                  • Part of subcall function 05866A54: CreateMutexW.KERNELBASE(0000000C,00000001,?), ref: 05866B14
                                                                                                                  • Part of subcall function 05866A54: LocalFree.KERNEL32(00000000), ref: 05866B22
                                                                                                                  • Part of subcall function 05866A54: GetLastError.KERNEL32 ref: 05866B2E
                                                                                                                • CloseHandle.KERNEL32(0000010C), ref: 05866BC2
                                                                                                                • ExitProcess.KERNEL32 ref: 05866BC9
                                                                                                                • GetSidLengthRequired.ADVAPI32(00000001), ref: 05866C0C
                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 05866C15
                                                                                                                • InitializeSid.ADVAPI32(00000000,?,00000001), ref: 05866C23
                                                                                                                • GetSidSubAuthority.ADVAPI32(00000000,00000000), ref: 05866C2B
                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 05866C38
                                                                                                                • SetSecurityDescriptorGroup.ADVAPI32(?,00000000,00000001), ref: 05866C44
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 05866C51
                                                                                                                • memset.NTDLL ref: 05866C5E
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,?), ref: 05866C80
                                                                                                                • SetEvent.KERNEL32(00000000), ref: 05866C8C
                                                                                                                • ResetEvent.KERNEL32 ref: 05866C98
                                                                                                                • LocalFree.KERNEL32(00000000), ref: 05866CA3
                                                                                                                Similarity
                                                                                                                • API ID: DescriptorSecurity$InitializeLocal$Event$AllocAuthorityCreateDaclErrorFreeGroupLastLengthRequiredmemset$CloseExitHandleMutexProcessReset
                                                                                                                • String ID: %sR$34fbdedc$34fbdedcR$C:\Users\user\AppData\Roaming$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}$Global\%s${66FC1451-ED27-40BE-95A1-9AB6A43B0723}

                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtQuerySystemInformation,00000005,00000000,?,771B2F30,00000000,771ADF40,00000000,?,?,0583F3A8,?), ref: 058459B2
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 058459B9
                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,0583F3A8,?), ref: 058459BF
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00008000,771B2F30,?,?,0583F3A8,?), ref: 058459EE
                                                                                                                • RtlReAllocateHeap.NTDLL(00000000,?,?,0583F3A8,?), ref: 058459F1
                                                                                                                • Sleep.KERNEL32(00000032,?,?,0583F3A8,?), ref: 05845A02
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00008000,00000000,?,?,0583F3A8,?), ref: 05845A0F
                                                                                                                • HeapReAlloc.KERNEL32(00000000,?,?,0583F3A8,?), ref: 05845A12
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtQuerySystemInformation,00000005,00000000,?,771B2F30,?,?,0583F3A8,?), ref: 05845A8E
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05845A95
                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,0583F3A8,?), ref: 05845A9B
                                                                                                                  • Part of subcall function 05845510: GetProcessHeap.KERNEL32(00000000,00000000,00000000,771B2F30,0584596E,00000000,771ADF40,00000000,?,?,0583F3A8,?), ref: 0584551B
                                                                                                                  • Part of subcall function 05845510: HeapReAlloc.KERNEL32(00000000,?,?,0583F3A8,?), ref: 0584551E
                                                                                                                  • Part of subcall function 05845510: Sleep.KERNEL32(00000032,?,?,0583F3A8,?), ref: 0584552A
                                                                                                                  • Part of subcall function 05845510: GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,?,0583F3A8,?), ref: 05845534
                                                                                                                  • Part of subcall function 05845510: HeapReAlloc.KERNEL32(00000000,?,?,0583F3A8,?), ref: 05845537
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Alloc$AddressHandleInformationModuleProcQuerySleepSystem$Allocate
                                                                                                                • String ID: NtQuerySystemInformation$ntdll.dll

                                                                                                                Control-flow Graph
                                                                                                                control_flow_graph 187 58483f0-5848421 ioctlsocket 188 5848427-5848448 WaitForSingleObject 187->188 189 584856b-5848577 WSAGetLastError 187->189 191 584855c-5848569 188->191 192 584844e 188->192 190 584857a-5848597 shutdown closesocket 189->190 193 58485c9-58485d1 190->193 194 5848599-58485ac GetTickCount * 2 190->194 191->190 195 5848454-584847b select 192->195 194->193 196 58485ae 194->196 197 5848545-5848556 WaitForSingleObject 195->197 198 5848481-5848484 195->198 199 58485b0-58485b4 196->199 197->191 197->195 198->189 200 584848a-584849a __WSAFDIsSet 198->200 199->193 201 58485b6-58485c7 Sleep GetTickCount 199->201 200->197 202 58484a0-58484d3 accept 200->202 201->193 201->199 202->197 203 58484d5-58484e4 GetProcessHeap HeapAlloc 202->203 204 58484e6-58484fd Sleep GetProcessHeap HeapAlloc 203->204 205 58484ff-584853c CreateThread 203->205 204->204 204->205 205->197 206 584853e-584853f CloseHandle 205->206 206->197
                                                                                                                APIs
                                                                                                                • ioctlsocket.WS2_32 ref: 05848418
                                                                                                                • WaitForSingleObject.KERNEL32(?,?,?,00000000), ref: 0584843D
                                                                                                                • select.WS2_32(00000000,?,00000000,00000000,?), ref: 05848473
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05848493
                                                                                                                • accept.WS2_32(?,?,?), ref: 058484C8
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000018,?,?,?,00000000), ref: 058484D9
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,00000000), ref: 058484E0
                                                                                                                • Sleep.KERNEL32(00000032,?,?,?,00000000), ref: 058484E8
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000018,?,?,?,00000000), ref: 058484F2
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,00000000), ref: 058484F9
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,05848370,00000000,00000000,00000000), ref: 05848534
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 0584853F
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,00000000), ref: 0584854B
                                                                                                                • WSAGetLastError.WS2_32 ref: 0584856B
                                                                                                                • shutdown.WS2_32(?,00000002), ref: 05848580
                                                                                                                • closesocket.WS2_32(?), ref: 05848587
                                                                                                                • GetTickCount.KERNEL32 ref: 0584859F
                                                                                                                • GetTickCount.KERNEL32 ref: 058485A3
                                                                                                                • Sleep.KERNEL32(0000000A), ref: 058485B8
                                                                                                                • GetTickCount.KERNEL32 ref: 058485BE
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CountTick$AllocObjectProcessSingleSleepWait$CloseCreateErrorHandleLastThreadacceptclosesocketioctlsocketselectshutdown

                                                                                                                APIs
                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 058485F8
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000024), ref: 05848608
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 05848611
                                                                                                                • Sleep.KERNEL32(00000032), ref: 05848622
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000024), ref: 0584862C
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0584862F
                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 0584863D
                                                                                                                • htons.WS2_32(?), ref: 0584865A
                                                                                                                • bind.WS2_32(00000000,?,00000010), ref: 05848670
                                                                                                                • listen.WS2_32(00000000,000000FF), ref: 05848681
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 05848693
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,058483F0,00000000,00000004,00000000), ref: 058486C6
                                                                                                                • ResumeThread.KERNELBASE(00000000), ref: 058486D0
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000002,00000001,00000000), ref: 058486E4
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 058486E7
                                                                                                                • closesocket.WS2_32(00000000), ref: 058486F3
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AllocCreateThread$EventFreeResumeSleepStartupbindclosesockethtonslistensocket

                                                                                                                APIs
                                                                                                                  • Part of subcall function 05867622: strlen.NTDLL ref: 0586762B
                                                                                                                  • Part of subcall function 0586754C: strlen.NTDLL ref: 05867555
                                                                                                                • GetComputerNameA.KERNEL32(?,?), ref: 058632D5
                                                                                                                • lstrcatA.KERNEL32(?,05879538), ref: 058632F7
                                                                                                                • lstrcpyA.KERNEL32(?,UNKNOWN/), ref: 05863301
                                                                                                                • lstrlenA.KERNEL32(?), ref: 05863310
                                                                                                                • GetUserNameA.ADVAPI32(?,?), ref: 05863329
                                                                                                                • lstrcatA.KERNEL32(?,UNKNOWN), ref: 0586333F
                                                                                                                • lstrlenA.KERNEL32(?), ref: 05863348
                                                                                                                • lstrcpyA.KERNEL32(?,[NO ACTIVE WINDOWS!],?,?,?,00000001), ref: 05863393
                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,00000001), ref: 0586339C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: lstrlen$Namelstrcatlstrcpystrlen$ComputerUser
                                                                                                                • String ID: ?a=29$UNKNOWN$UNKNOWN/$[NO ACTIVE WINDOWS!]
                                                                                                                • API String ID: 3787893388-208565771
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 05871F5A
                                                                                                                • getaddrinfo.WS2_32(0587ABCC,0587ABBC,?,00000000), ref: 05871F96
                                                                                                                • socket.WS2_32(?,?,?), ref: 05871FB4
                                                                                                                • connect.WS2_32(00000000,?,?), ref: 05871FC8
                                                                                                                • closesocket.WS2_32(00000000), ref: 05871FD3
                                                                                                                • freeaddrinfo.WS2_32(00000000), ref: 05871FE5
                                                                                                                • freeaddrinfo.WS2_32(00000000), ref: 05871FEE
                                                                                                                • recv.WS2_32(00000000,?,00000100,00000000), ref: 05872013
                                                                                                                • closesocket.WS2_32(00000000), ref: 05872033
                                                                                                                • _mkgmtime.MSVCRT(?,00000000,00000000,?,00000016,00000002,?,00000013,00000002,?,00000010,00000002,?,0000000D,00000002,?), ref: 05872192
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: closesocketfreeaddrinfo$_mkgmtimeconnectgetaddrinfomemsetrecvsocket
                                                                                                                • String ID: UTC(NIST)
                                                                                                                • API String ID: 3593595933-1660707934
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,771B2F30), ref: 0583F7F8
                                                                                                                • CloseHandle.KERNEL32(00000000,00000002,00000000,771B2F30), ref: 0583F805
                                                                                                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0583F818
                                                                                                                • GetCurrentProcessId.KERNEL32(00000000,00000000,00000002,00000000,771B2F30), ref: 0583F830
                                                                                                                • lstrcmpiW.KERNELBASE(MicrosoftEdge.exe,?), ref: 0583F846
                                                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0583F854
                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 0583F861
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleProcess32$CreateCurrentFirstNextProcessSnapshotToolhelp32lstrcmpi
                                                                                                                • String ID: MicrosoftEdge.exe
                                                                                                                • API String ID: 2630518689-2093670464
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058659CA: GetModuleHandleA.KERNEL32(ntdll.dll), ref: 058659DC
                                                                                                                  • Part of subcall function 05865B22: AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,05865C9C), ref: 05865B55
                                                                                                                  • Part of subcall function 05865B22: CheckTokenMembership.ADVAPI32(00000000,?,05865C9C,?,?,?,?,05865C9C), ref: 05865B6A
                                                                                                                  • Part of subcall function 05865B22: FreeSid.ADVAPI32(?,?,?,?,?,05865C9C), ref: 05865B7A
                                                                                                                • memset.NTDLL ref: 05865CAA
                                                                                                                  • Part of subcall function 05865765: CreateFileA.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0586579A
                                                                                                                  • Part of subcall function 05865765: memset.NTDLL ref: 058657B4
                                                                                                                  • Part of subcall function 05865765: memset.NTDLL ref: 058657C0
                                                                                                                  • Part of subcall function 05865765: DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,058EFE74,00000008,00000004,00000000), ref: 058657ED
                                                                                                                  • Part of subcall function 05865765: DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,00000000,058EFE70,00000004,00000000), ref: 05865822
                                                                                                                  • Part of subcall function 05865765: strlen.NTDLL ref: 0586583A
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,C:\Users\user\AppData\Roaming,00000104,?,?,?,?,?,?,?,?,?,?,?,00000020), ref: 05865D36
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,C:\Windows\System32,00000104,?,?,?,?,?,?,?,?,?,?,?,00000020), ref: 05865D4F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: memset$ControlDeviceEnvironmentExpandStrings$AllocateCheckCreateFileFreeHandleInitializeMembershipModuleTokenstrlen
                                                                                                                • String ID: %ws$34fbdedc$34fbdedca9ab6c8c1b63381b7ae2961b$C:\Users\user\AppData\Roaming$C:\Windows\System32$Kronos
                                                                                                                • API String ID: 3300733758-876351048
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05862C74: GetTickCount.KERNEL32 ref: 05862C74
                                                                                                                • OpenProcessToken.ADVAPI32(?,00000028,?), ref: 05863A71
                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 05863A82
                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,00000000,00000000), ref: 05863AB1
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05863ABA
                                                                                                                Strings
                                                                                                                • %s%s, xrefs: 058639A9
                                                                                                                • {66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 05863997
                                                                                                                • SeDebugPrivilege, xrefs: 05863A7B
                                                                                                                • cfa127dbd2d7558ff13f49252e1bac0ccfa127dbd2d7558ff13f4925, xrefs: 058639B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Token$AdjustCloseCountHandleLookupOpenPrivilegePrivilegesProcessTickValue
                                                                                                                • String ID: %s%s$SeDebugPrivilege$cfa127dbd2d7558ff13f49252e1bac0ccfa127dbd2d7558ff13f4925${66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 2549014004-3098502416
                                                                                                                APIs
                                                                                                                • CreateFileA.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0586579A
                                                                                                                • memset.NTDLL ref: 058657B4
                                                                                                                • memset.NTDLL ref: 058657C0
                                                                                                                • DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,058EFE74,00000008,00000004,00000000), ref: 058657ED
                                                                                                                • DeviceIoControl.KERNELBASE(00000000,002D1400,?,0000000C,00000000,058EFE70,00000004,00000000), ref: 05865822
                                                                                                                • strlen.NTDLL ref: 0586583A
                                                                                                                  • Part of subcall function 05863DC7: Sleep.KERNEL32(00000064,05865808,058EFE70,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 05863DCB
                                                                                                                  • Part of subcall function 05862D30: tolower.NTDLL ref: 05862D6D
                                                                                                                  • Part of subcall function 05862D30: isspace.NTDLL ref: 05862D78
                                                                                                                  • Part of subcall function 05862D30: isprint.NTDLL ref: 05862DC1
                                                                                                                  • Part of subcall function 05862D30: isprint.NTDLL ref: 05862DEE
                                                                                                                • strlen.NTDLL ref: 0586586A
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,05865CBE,058EFE74), ref: 05865896
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: ControlDeviceisprintmemsetstrlen$CloseCreateFileHandleSleepisspacetolower
                                                                                                                • String ID:
                                                                                                                • API String ID: 1207682690-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000000), ref: 0585C42A
                                                                                                                • SetWindowsHookExA.USER32(0000000D,0585C27E,00000000), ref: 0585C438
                                                                                                                • WaitForSingleObject.KERNEL32(00000000), ref: 0585C454
                                                                                                                • TranslateMessage.USER32(?), ref: 0585C467
                                                                                                                • DispatchMessageW.USER32(?), ref: 0585C471
                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0585C47E
                                                                                                                • UnhookWindowsHookEx.USER32(?), ref: 0585C489
                                                                                                                • ExitThread.KERNEL32 ref: 0585C490
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Message$HookWindows$DispatchExitHandleModuleObjectSingleThreadTranslateUnhookWait
                                                                                                                • String ID:
                                                                                                                • API String ID: 423656988-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtQueryInformationProcess,?,?,0583F6E8,00000000), ref: 0583EA67
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583EA6E
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,0583F6E8,?,?,0583F6E8,00000000), ref: 0583EA8E
                                                                                                                • NtQueryInformationProcess.NTDLL(00000000,0000001A,00000000,00000004,00000000), ref: 0583EAA3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Process$AddressHandleInformationModuleOpenProcQuery
                                                                                                                • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                • API String ID: 2032838785-2906145389
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 4250438611-0
                                                                                                                APIs
                                                                                                                • CryptAcquireContextA.ADVAPI32(058F0C28,00000000,Microsoft Enhanced RSA and AES Cryptographic Provider,00000018,F0000000,?,?,05868CFA), ref: 0586FB4E
                                                                                                                • CryptAcquireContextA.ADVAPI32(058F0C2C,00000000,Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider,0000000D,F0000000,?,?,05868CFA), ref: 0586FB62
                                                                                                                Strings
                                                                                                                • Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, xrefs: 0586FB57
                                                                                                                • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0586FB46
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AcquireContextCrypt
                                                                                                                • String ID: Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider$Microsoft Enhanced RSA and AES Cryptographic Provider
                                                                                                                • API String ID: 3951991833-2824478982
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0583F667
                                                                                                                • GetVersionExA.KERNEL32(?), ref: 0583F69D
                                                                                                                • GetNativeSystemInfo.KERNELBASE(?), ref: 0583F6B5
                                                                                                                • GetCurrentProcessId.KERNEL32(0583F99C), ref: 0583F6DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CurrentInfoNativeProcessSystemVersionmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3204798122-0
                                                                                                                APIs
                                                                                                                • RtlInitUnicodeString.NTDLL(00000050,00000050), ref: 05865DE8
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • NtQueryValueKey.NTDLL(00000400,00000000,00000001,00000000,00000400,?), ref: 05865E2A
                                                                                                                  • Part of subcall function 05863DF7: RtlFreeHeap.NTDLL(00000000,?,0586429E,?,?,?,?,00000000), ref: 05863E03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateFreeInitQueryStringUnicodeValue
                                                                                                                • String ID: 34fbdedc
                                                                                                                • API String ID: 3972067343-543241474
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,@ @ ,?,0040176F,00000000,00000000,40201421,00000000,?,?,00063DB6,00000000,00000000,?,00402040,00000020), ref: 004010F1
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,0040176F,00000000,00000000,40201421,00000000,?,?,00063DB6,00000000,00000000,?,00402040,00000020), ref: 004010F8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID: @ @
                                                                                                                • API String ID: 3859560861-1225436684
                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 05855484
                                                                                                                • Sleep.KERNELBASE(00000064,?,058ED6D8,058554BE,058ED6D8,00000005,058ED6D8,058ED6D8,058ED6D8,?,0585B598,0586251F,00000000,05863D9E,00000000), ref: 05855490
                                                                                                                • GetTickCount.KERNEL32 ref: 05855499
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 4250438611-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • NtQuerySystemInformation.NTDLL(00000005,00000000,00000000,00000000), ref: 058552C2
                                                                                                                • NtQuerySystemInformation.NTDLL(00000005,00000000,00000000,00000000), ref: 058552EC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InformationQuerySystem$AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 167689314-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 053E9000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_53e9000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: t
                                                                                                                • API String ID: 0-2238339752
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05866679: RtlInitUnicodeString.NTDLL(00000001,05865D80), ref: 05866683
                                                                                                                • NtCreateKey.NTDLL(00000001,?,?,00000000,00000000,00000000,00000000), ref: 05865D93
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateInitStringUnicode
                                                                                                                • String ID:
                                                                                                                • API String ID: 3353634757-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Close
                                                                                                                • String ID:
                                                                                                                • API String ID: 3535843008-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InitializeThunk
                                                                                                                • String ID:

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • QueryPerformanceFrequency.KERNEL32 ref: 0583F32D
                                                                                                                • InterlockedIncrement.KERNEL32(058F17EC), ref: 0583F34C
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,0583F1E0,00000000,00000000,00000000), ref: 0583F35C
                                                                                                                • InterlockedDecrement.KERNEL32(058F17EC), ref: 0583F36B
                                                                                                                • SetEvent.KERNEL32(00000390), ref: 0583F37B
                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 0583F384
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0583F395
                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0583F39C
                                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4,?), ref: 0583F3BA
                                                                                                                • Sleep.KERNEL32(00000019), ref: 0583F3C5
                                                                                                                • memset.NTDLL ref: 0583F465
                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000104,00000000,00000000,00000000,771B2F30,00000000), ref: 0583F48E
                                                                                                                • InterlockedIncrement.KERNEL32(058F17EC), ref: 0583F4D0
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,0583F140,00000000,00000000,00000000), ref: 0583F4E0
                                                                                                                • InterlockedDecrement.KERNEL32(058F17EC), ref: 0583F4EF
                                                                                                                • SetEvent.KERNEL32(00000390,?,?,771B2F30,00000000), ref: 0583F500
                                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4,?,?,?,771B2F30,00000000), ref: 0583F51D
                                                                                                                • Sleep.KERNEL32(000001F4,?,?,?,771B2F30,00000000), ref: 0583F525
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,771B2F30,00000000), ref: 0583F52E
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 0583F55E
                                                                                                                • RtlReAllocateHeap.NTDLL(00000000), ref: 0583F565
                                                                                                                • Sleep.KERNEL32(00000032), ref: 0583F572
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0583F57B
                                                                                                                • HeapReAlloc.KERNEL32(00000000), ref: 0583F582
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0583F5A7
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0583F5AA
                                                                                                                • Sleep.KERNEL32(00000032), ref: 0583F5B6
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0583F5BE
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0583F5C1
                                                                                                                • memcpy.NTDLL(00000000,?,?), ref: 0583F5E9
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000019), ref: 0583F600
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0583F627
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0583F62E
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0583F63A
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0583F641
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$InterlockedSleep$AllocObjectPerformanceQuerySingleWait$CloseCounterCreateDecrementEventFreeHandleIncrementThread$AllocateByteCharFrequencyMultiWidememcpymemset
                                                                                                                • String ID:

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000103), ref: 0585B0E8
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                • RtlDosPathNameToNtPathName_U.NTDLL(C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,00000000,00000000), ref: 0585B12C
                                                                                                                • wcsstr.NTDLL ref: 0585B14A
                                                                                                                • wcsstr.NTDLL ref: 0585B158
                                                                                                                • wcsstr.NTDLL ref: 0585B16B
                                                                                                                • RtlFreeAnsiString.NTDLL(?), ref: 0585B189
                                                                                                                Strings
                                                                                                                • \??\C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 0585B13A
                                                                                                                • \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run, xrefs: 0585B277
                                                                                                                • {66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 0585B0EE, 0585B14F
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe, xrefs: 0585B115, 0585B11A, 0585B149, 0585B154, 0585B16A
                                                                                                                • \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0585B23F
                                                                                                                • \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion, xrefs: 0585B2AC
                                                                                                                • \Users\user\AppData\Roaming\Microsoft, xrefs: 0585B178
                                                                                                                • 34fbdedc, xrefs: 0585B10A
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 0585B0FF, 0585B104, 0585B10F, 0585B12B
                                                                                                                • \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0585B218
                                                                                                                • \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 0585B1B9
                                                                                                                • \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 0585B1E0
                                                                                                                Similarity
                                                                                                                • API ID: wcsstr$Path$AnsiEnvironmentExpandFreeNameName_StringStrings_vsnwprintf
                                                                                                                • String ID: 34fbdedc$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe$\??\C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}$\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion$\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion$\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run$\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run$\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\SOFTWARE\Microsoft\Windows\CurrentVersion$\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Windows\CurrentVersion\Run$\Users\user\AppData\Roaming\Microsoft${66FC1451-ED27-40BE-95A1-9AB6A43B0723}

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                • GetSidLengthRequired.ADVAPI32(00000001), ref: 05866A9A
                                                                                                                • LocalAlloc.KERNEL32(00000040,00000000), ref: 05866AA3
                                                                                                                • InitializeSid.ADVAPI32(00000000,?,00000001), ref: 05866AB1
                                                                                                                • GetSidSubAuthority.ADVAPI32(00000000,00000000), ref: 05866AB9
                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 05866AC6
                                                                                                                • SetSecurityDescriptorGroup.ADVAPI32(?,00000000,00000001), ref: 05866AD2
                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 05866ADF
                                                                                                                • memset.NTDLL ref: 05866AEC
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 05866B05
                                                                                                                • CreateMutexW.KERNELBASE(0000000C,00000001,?), ref: 05866B14
                                                                                                                • LocalFree.KERNEL32(00000000), ref: 05866B22
                                                                                                                • GetLastError.KERNEL32 ref: 05866B2E
                                                                                                                • SetLastError.KERNEL32(00000000), ref: 05866B4A
                                                                                                                • OpenMutexW.KERNEL32(00100000,00000000,?), ref: 05866B5A
                                                                                                                • GetLastError.KERNEL32 ref: 05866B64
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 05866B77
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$DescriptorSecurity$InitializeLocalMutex$AllocAuthorityCloseCreateDaclFreeGroupHandleLengthOpenRequired_vsnwprintfmemset
                                                                                                                • String ID: 34fbdedca9ab6c8c1b63381b7ae2961b$Global\%ws

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.KERNELBASE(Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00},Global\,00000000,00000000), ref: 0583E4FD
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{2C240B38-28B0-DE58-2C24-380BA08C4000},Global\,00000000), ref: 0583E514
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{9F624598-6310-E9A0-9F62-9845686A6200},Global\,00000000), ref: 0583E52B
                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0583F9AA
                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}), ref: 0583F9BD
                                                                                                                • CloseHandle.KERNEL32(0000039C), ref: 0583F9DB
                                                                                                                • GetLastError.KERNEL32 ref: 0583F9E9
                                                                                                                • WaitForSingleObject.KERNEL32(00000390,000000FF), ref: 0583FA02
                                                                                                                • CloseHandle.KERNEL32(00000390), ref: 0583FA0F
                                                                                                                • EnterCriticalSection.KERNEL32(058F1794), ref: 0583FA46
                                                                                                                • LeaveCriticalSection.KERNEL32(058F1794), ref: 0583FA66
                                                                                                                • DeleteCriticalSection.KERNEL32(058F1794), ref: 0583FA71
                                                                                                                • LeaveCriticalSection.KERNEL32(058F1794), ref: 0583FA88
                                                                                                                • CloseHandle.KERNEL32(00000200), ref: 0583FAB8
                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,Global\{9F624598-6310-E9A0-9F62-9845686A6200}), ref: 0583FADC
                                                                                                                • SetEvent.KERNEL32(00000000), ref: 0583FAE9
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0583FAF0
                                                                                                                Strings
                                                                                                                • {66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 0583F8FB
                                                                                                                • Global\{9F624598-6310-E9A0-9F62-9845686A6200}, xrefs: 0583FAD4
                                                                                                                • Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}, xrefs: 0583F9B5
                                                                                                                Similarity
                                                                                                                • API ID: CloseCriticalEventHandleSection$CombinePath$CreateLeave$DeleteEnterErrorLastObjectOpenSingleWait
                                                                                                                • String ID: Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}$Global\{9F624598-6310-E9A0-9F62-9845686A6200}${66FC1451-ED27-40BE-95A1-9AB6A43B0723}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 05841C50: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,771ADF60,00000000,771AF380), ref: 05841CB5
                                                                                                                  • Part of subcall function 05841C50: HeapFree.KERNEL32(00000000,?,?,?,?,?,771ADF60,00000000,771AF380), ref: 05841CBC
                                                                                                                  • Part of subcall function 05841C50: GetProcessHeap.KERNEL32(00000000,00000000,?,771ADF60,00000000,771AF380), ref: 05841CC7
                                                                                                                  • Part of subcall function 05841C50: HeapFree.KERNEL32(00000000,?,771ADF60,00000000,771AF380), ref: 05841CCE
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000208,00000000,771AF380,?,?,0583E893), ref: 05841F68
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,0583E893), ref: 05841F71
                                                                                                                • Sleep.KERNEL32(00000032,?,?,0583E893), ref: 05841F82
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000208,?,?,0583E893), ref: 05841F8F
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,0583E893), ref: 05841F92
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(%TEMP%\GetX64BTIT.exe,00000000,00000104), ref: 05841FB0
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 05841FE2
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 05841FE5
                                                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 05841FEC
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 05841FF5
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 05841FF8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Free$Alloc$DeleteEnvironmentExpandFileSleepStrings
                                                                                                                • String ID: %TEMP%\GetX64BTIT.exe

                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 05841E10
                                                                                                                • CreateProcessW.KERNELBASE(05841FD4,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,771AF380,00000000,?), ref: 05841E32
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(%TEMP%\x64btit.txt,00000000,00000104), ref: 05841E5A
                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 05841E75
                                                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 05841EFE
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 05841F07
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 05841F0E
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05841F1E
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05841F24
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleHeapProcess$CreateDeleteEnvironmentExpandFileFreeSleepStringsmemset
                                                                                                                • String ID: %TEMP%\x64btit.txt$D

                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0585B2DB
                                                                                                                • memset.NTDLL ref: 0585B2EA
                                                                                                                  • Part of subcall function 0586615F: __fprintf_l.LIBCMT ref: 058661B4
                                                                                                                • wcslen.NTDLL ref: 0585B34B
                                                                                                                • wcslen.NTDLL ref: 0585B360
                                                                                                                • CoCreateGuid.COMBASE(?), ref: 0585B3B8
                                                                                                                • StringFromGUID2.OLE32(?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000027), ref: 0585B3D2
                                                                                                                • ExitProcess.KERNEL32 ref: 0585B406
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memsetwcslen$CreateExitFromGuidProcessString__fprintf_l
                                                                                                                • String ID: 34fbdedc${66FC1451-ED27-40BE-95A1-9AB6A43B0723}${66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000006,34fbdedc,80000002,05865F95,?,00000006,?), ref: 05865BAD
                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 05865BB4
                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00000000,00000000), ref: 05865BD2
                                                                                                                • GetLastError.KERNEL32 ref: 05865BD4
                                                                                                                • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 05865BF7
                                                                                                                • ConvertSidToStringSidA.ADVAPI32(00000000,?), ref: 05865C03
                                                                                                                  • Part of subcall function 0586674E: _vsnprintf.NTDLL ref: 05866763
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05865C2F
                                                                                                                • LocalFree.KERNEL32(?), ref: 05865C3D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorFreeHandleLastLocalOpenString_vsnprintf
                                                                                                                • String ID: 34fbdedc
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583E430: memset.NTDLL ref: 0583E442
                                                                                                                  • Part of subcall function 0583E430: memset.NTDLL ref: 0583E482
                                                                                                                  • Part of subcall function 0583E430: StringFromGUID2.OLE32(?,00000000,00000040,?,?,?,?,?,?,?), ref: 0583E497
                                                                                                                  • Part of subcall function 0583E430: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000001,00000104,00000000,00000000,?,?,?,?,?,?,?), ref: 0583E4B7
                                                                                                                • PathCombineA.KERNELBASE(Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00},Global\,00000000,00000000), ref: 0583E4FD
                                                                                                                • PathCombineA.SHLWAPI(Global\{2C240B38-28B0-DE58-2C24-380BA08C4000},Global\,00000000), ref: 0583E514
                                                                                                                • PathCombineA.SHLWAPI(Global\{9F624598-6310-E9A0-9F62-9845686A6200},Global\,00000000), ref: 0583E52B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CombinePath$memset$ByteCharFromMultiStringWide
                                                                                                                • String ID: Global\$Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}$Global\{9F624598-6310-E9A0-9F62-9845686A6200}$Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00}
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000004,00000000,00000000,?,?,?,00000000), ref: 05864162
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000), ref: 05864177
                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,00000000), ref: 0586428A
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • ReadFile.KERNELBASE(?,?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 058641A5
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00001000,00000040,?,?,?,?,00000000), ref: 058641EB
                                                                                                                • VirtualAllocEx.KERNELBASE(00000000,?,?,?,?,00000000), ref: 058641F2
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00008000,?,?,?,?,00000000), ref: 05864278
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,?,?,?,?,00000000), ref: 0586427F
                                                                                                                  • Part of subcall function 058640A4: memset.NTDLL ref: 058640DD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$CurrentProcessVirtual$AllocAllocateCloseCreateFreeHandleHeapReadSizememset
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0534024D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID: cess$kernel32.dll
                                                                                                                • API String ID: 4275171209-1230238691
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000A7A9,00000000,?,00000000), ref: 0583E5DC
                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 0583E5E5
                                                                                                                • Sleep.KERNEL32(00000032), ref: 0583E5F2
                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000A7A9), ref: 0583E5FF
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0583E602
                                                                                                                • memcpy.NTDLL(00000000,0589F228,0000A7A9), ref: 0583E615
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AllocAllocateSleepmemcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 4263730352-0
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(771ADF60,00000000,771AF380,?,?,?,0583E814,00000000,00000000), ref: 0584222B
                                                                                                                • VirtualAllocEx.KERNELBASE(00000000,?,0583E814,00003000,00000040,?,?,?,0583E814,00000000,00000000), ref: 05842241
                                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,0583E814,00003000,00000040,?,?,?,0583E814,00000000,00000000), ref: 05842260
                                                                                                                • memcpy.NTDLL(00000000,0583E814,?,?,?,?,0583E814,00000000,00000000), ref: 05842284
                                                                                                                • memcpy.NTDLL(00000000,00000000,?), ref: 058422D6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtualmemcpy$CurrentProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3446346050-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583E650: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 0583E69F
                                                                                                                  • Part of subcall function 0583E650: HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0583E6A6
                                                                                                                  • Part of subcall function 0583E650: GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 0583E6B8
                                                                                                                  • Part of subcall function 0583E650: HeapFree.KERNEL32(00000000), ref: 0583E6BF
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 0583E81F
                                                                                                                • HeapFree.KERNEL32(00000000,?,00000000), ref: 0583E822
                                                                                                                  • Part of subcall function 05841BF0: GetModuleHandleA.KERNEL32(kernel32,BaseThreadInitThunk,0583E829,?,00000000), ref: 05841BFA
                                                                                                                  • Part of subcall function 05841BF0: GetProcAddress.KERNEL32(00000000), ref: 05841C01
                                                                                                                • GetNativeSystemInfo.KERNELBASE(?,00000000), ref: 0583E852
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0583E889
                                                                                                                • RtlFreeHeap.NTDLL(00000000), ref: 0583E88C
                                                                                                                  • Part of subcall function 05842200: GetCurrentProcess.KERNEL32(771ADF60,00000000,771AF380,?,?,?,0583E814,00000000,00000000), ref: 0584222B
                                                                                                                  • Part of subcall function 05842200: VirtualAllocEx.KERNELBASE(00000000,?,0583E814,00003000,00000040,?,?,?,0583E814,00000000,00000000), ref: 05842241
                                                                                                                  • Part of subcall function 05842200: VirtualAllocEx.KERNEL32(?,00000000,0583E814,00003000,00000040,?,?,?,0583E814,00000000,00000000), ref: 05842260
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Free$AllocVirtual$AddressCurrentHandleInfoModuleNativeProcSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 3510440675-0
                                                                                                                APIs
                                                                                                                • gethostbyname.WS2_32(?), ref: 0586A8C9
                                                                                                                • htons.WS2_32(?), ref: 0586A8E6
                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 0586A911
                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 0586A927
                                                                                                                • setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 0586A960
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: connectgethostbynamehtonssetsockoptsocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 3638968347-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0583E683,?,00000000), ref: 058454DB
                                                                                                                • RtlAllocateHeap.NTDLL(00000000), ref: 058454E4
                                                                                                                • Sleep.KERNEL32(00000032), ref: 058454F2
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 058454FB
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 058454FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AllocAllocateSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 2765950040-0
                                                                                                                APIs
                                                                                                                • inet_addr.WS2_32(00000000), ref: 05862FCA
                                                                                                                • gethostname.WS2_32(?,00000040), ref: 0586301D
                                                                                                                • gethostbyname.WS2_32(?), ref: 0586302B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: gethostbynamegethostnameinet_addr
                                                                                                                • String ID: https://api.ipify.org/
                                                                                                                • API String ID: 842112101-719523312
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 0586640C
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(%WINDIR%\system32\ntdll.dll,?,00000104), ref: 05866423
                                                                                                                  • Part of subcall function 05864141: CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000004,00000000,00000000,?,?,?,00000000), ref: 05864162
                                                                                                                  • Part of subcall function 05864141: GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000), ref: 05864177
                                                                                                                  • Part of subcall function 05864141: ReadFile.KERNELBASE(?,?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 058641A5
                                                                                                                  • Part of subcall function 05864141: GetCurrentProcess.KERNEL32(00000000,?,00001000,00000040,?,?,?,?,00000000), ref: 058641EB
                                                                                                                  • Part of subcall function 05864141: VirtualAllocEx.KERNELBASE(00000000,?,?,?,?,00000000), ref: 058641F2
                                                                                                                  • Part of subcall function 05866206: GetModuleHandleA.KERNEL32(ntdll.dll,?,00000000,00000000,?,05866445,00000000), ref: 05866211
                                                                                                                  • Part of subcall function 05864379: GetCurrentProcess.KERNEL32(00000000,00000000,00008000,0586644B,00000000,00000000), ref: 0586438B
                                                                                                                  • Part of subcall function 05864379: VirtualFreeEx.KERNELBASE(00000000), ref: 05864392
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$CurrentHandleModuleProcessVirtual$AllocCreateEnvironmentExpandFreeReadSizeStrings
                                                                                                                • String ID: %WINDIR%\system32\ntdll.dll$ntdll.dll
                                                                                                                • API String ID: 2848292310-3347446343
                                                                                                                APIs
                                                                                                                • CreateMutexA.KERNELBASE(00000000,00000001,Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00},0583FC9D,0585BF70,?,?,?,?,?,?,?,?,?), ref: 0583E98A
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 0583E999
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.KERNELBASE(Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00},Global\,00000000,00000000), ref: 0583E4FD
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{2C240B38-28B0-DE58-2C24-380BA08C4000},Global\,00000000), ref: 0583E514
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{9F624598-6310-E9A0-9F62-9845686A6200},Global\,00000000), ref: 0583E52B
                                                                                                                • CloseHandle.KERNEL32(00000200,?,?,?,?,?,?,?,?,?), ref: 0583E9B6
                                                                                                                Strings
                                                                                                                • Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00}, xrefs: 0583E981
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CombinePath$CloseCreateErrorHandleLastMutex
                                                                                                                • String ID: Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00}
                                                                                                                • API String ID: 3867597102-437360422
                                                                                                                APIs
                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 05871F27
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Startup
                                                                                                                • String ID: time-a-g.nist.gov$time-a.nist.gov$time.nist.gov
                                                                                                                • API String ID: 724789610-4182349721
                                                                                                                • Opcode ID: b29bbca678a73d80ea81b33e314acb32ef90aeb5d36d13d053c51baf4ec58d63
                                                                                                                • Instruction ID: 859dcf9e0e08e6c49fa5740773677b3decd82c945adcca39aedf04e09da3b2b5
                                                                                                                • Opcode Fuzzy Hash: b29bbca678a73d80ea81b33e314acb32ef90aeb5d36d13d053c51baf4ec58d63
                                                                                                                • Instruction Fuzzy Hash: EBE04875A0830CAAE714DAA0A84DAADBBBC9705304F004495DD59E6581E730DA488B91
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0586A3FF: strlen.MSVCRT ref: 0586A40A
                                                                                                                  • Part of subcall function 05865604: GetProcessHeap.KERNEL32(00000000,058BF30C,?,0585873F,00000010,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000,00000001,058BF30C,058BF2F8), ref: 0586560C
                                                                                                                  • Part of subcall function 05865604: RtlAllocateHeap.NTDLL(00000000,?,0585873F,00000010,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000,00000001,058BF30C,058BF2F8), ref: 05865613
                                                                                                                • memcpy.NTDLL(00000000,00000000,00000000,), ref: 058694FB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessmemcpystrlen
                                                                                                                • String ID: $GET %s HTTP/1.0Host: %s$https://
                                                                                                                • API String ID: 59146661-900887908
                                                                                                                • Opcode ID: b89cf825bd731342a9925842e3660647ff04072e0f77cfeb0f0974b5b5c2aa25
                                                                                                                • Instruction ID: b7ef122bf8f1750af9ab68ef6406647f850eb154a16f337f29f41c7639da624e
                                                                                                                • Opcode Fuzzy Hash: b89cf825bd731342a9925842e3660647ff04072e0f77cfeb0f0974b5b5c2aa25
                                                                                                                • Instruction Fuzzy Hash: 68610071A10219DBCF14EFA8CC559EEB779BF55210F000169ED05EB1D0EE715E09CB92
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00003000,00000004,771ADF60,00000000,771AF380,?,?,0583E87E,00000000), ref: 05842160
                                                                                                                • VirtualAllocEx.KERNELBASE(00000000,?,?,0583E87E,00000000), ref: 05842167
                                                                                                                • memcpy.NTDLL(00000000,0583E87E,?,?,?,0583E87E,00000000), ref: 05842186
                                                                                                                • memcpy.NTDLL(00000000,00000000,?), ref: 058421D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$AllocCurrentProcessVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 855213173-0
                                                                                                                • Opcode ID: 6cb173fdc9a89cddefbd42939a4afe8ef1cc0131d7138df88b8e550aa7459d4c
                                                                                                                • Instruction ID: 245193e5803708e72a007a9267b3348267affd7b042ae4e0a2256876ab8649ce
                                                                                                                • Opcode Fuzzy Hash: 6cb173fdc9a89cddefbd42939a4afe8ef1cc0131d7138df88b8e550aa7459d4c
                                                                                                                • Instruction Fuzzy Hash: AB219F75A00219ABCB10DF99DC84AAEFBB9FF84314F044599EE06A7340D771BA45CBA1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05845950: GetModuleHandleA.KERNEL32(ntdll.dll,NtQuerySystemInformation,00000005,00000000,?,771B2F30,00000000,771ADF40,00000000,?,?,0583F3A8,?), ref: 058459B2
                                                                                                                  • Part of subcall function 05845950: GetProcAddress.KERNEL32(00000000), ref: 058459B9
                                                                                                                  • Part of subcall function 05845950: NtQuerySystemInformation.NTDLL(?,?,0583F3A8,?), ref: 058459BF
                                                                                                                  • Part of subcall function 05845950: GetProcessHeap.KERNEL32(00000000,00008000,771B2F30,?,?,0583F3A8,?), ref: 058459EE
                                                                                                                  • Part of subcall function 05845950: RtlReAllocateHeap.NTDLL(00000000,?,?,0583F3A8,?), ref: 058459F1
                                                                                                                  • Part of subcall function 05845950: Sleep.KERNEL32(00000032,?,?,0583F3A8,?), ref: 05845A02
                                                                                                                  • Part of subcall function 05845950: GetProcessHeap.KERNEL32(00000000,00008000,00000000,?,?,0583F3A8,?), ref: 05845A0F
                                                                                                                  • Part of subcall function 05845950: HeapReAlloc.KERNEL32(00000000,?,?,0583F3A8,?), ref: 05845A12
                                                                                                                  • Part of subcall function 05845950: GetModuleHandleA.KERNEL32(ntdll.dll,NtQuerySystemInformation,00000005,00000000,?,771B2F30,?,?,0583F3A8,?), ref: 05845A8E
                                                                                                                  • Part of subcall function 05845950: GetProcAddress.KERNEL32(00000000), ref: 05845A95
                                                                                                                  • Part of subcall function 05845950: NtQuerySystemInformation.NTDLL(?,?,0583F3A8,?), ref: 05845A9B
                                                                                                                • InterlockedDecrement.KERNEL32(058F17EC), ref: 0583F2AE
                                                                                                                • SetEvent.KERNEL32(00000390), ref: 0583F2BE
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0583F2CA
                                                                                                                • RtlFreeHeap.NTDLL(00000000), ref: 0583F2D1
                                                                                                                  • Part of subcall function 05845850: memset.NTDLL ref: 0584588B
                                                                                                                  • Part of subcall function 0583EBA0: GetCurrentProcessId.KERNEL32(00000000), ref: 0583EBAD
                                                                                                                  • Part of subcall function 05845850: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,00000000,00000010,00000104,00000000,00000000,?,0583FD99,?), ref: 058458B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AddressHandleInformationModuleProcQuerySystem$AllocAllocateByteCharCurrentDecrementEventFreeInterlockedMultiSleepWidememset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1638720508-0
                                                                                                                • Opcode ID: a7d8b300a8b466644eb474ebdb485788c252dd2cda7643da99032e3cc76d6ef1
                                                                                                                • Instruction ID: 37e2d1b729461025df5159f788033b68450f93c99115afc1e5305c1ccc9b4af7
                                                                                                                • Opcode Fuzzy Hash: a7d8b300a8b466644eb474ebdb485788c252dd2cda7643da99032e3cc76d6ef1
                                                                                                                • Instruction Fuzzy Hash: E2214F75A183059BC310DF6AD889A9FBBE8BB88714F40091DF999D3250DB74D909CBE3
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,771B0F00,?,?,05841E8E,05841FD4,?), ref: 05841D6A
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,05841E8E,05841FD4,?), ref: 05841D79
                                                                                                                • CloseHandle.KERNELBASE(00000000,?,?,05841E8E,05841FD4,?), ref: 05841DB9
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,?,05841E8E,05841FD4,?), ref: 05841DA1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$Heap$AllocateCloseCreateHandleProcessReadSize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2517252058-0
                                                                                                                • Opcode ID: 2612c045f5b1f212be619734c7dc2601dea64767b6322dc259115d7944803423
                                                                                                                • Instruction ID: 0d56f3847ea69465bba561122ef6c0ce012eeb491bf3e34a6ea360568fe1ba83
                                                                                                                • Opcode Fuzzy Hash: 2612c045f5b1f212be619734c7dc2601dea64767b6322dc259115d7944803423
                                                                                                                • Instruction Fuzzy Hash: F61198B560060C6FDB109A599C8DEBF776DFB85265F504275FC06D3240EA31DE41CAA1
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586281E
                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586282E
                                                                                                                • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586286A
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 05862853
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$Heap$AllocateCloseCreateHandleProcessReadSize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2517252058-0
                                                                                                                • Opcode ID: 91af0a7982a1e0423c52a31dd85c17fcc90c6d09c7ff3d474aeb4aa7014a5816
                                                                                                                • Instruction ID: ea2adbc6bb605493277e11befade3c4caa751eae0a38ec95d7a60c5d662332ec
                                                                                                                • Opcode Fuzzy Hash: 91af0a7982a1e0423c52a31dd85c17fcc90c6d09c7ff3d474aeb4aa7014a5816
                                                                                                                • Instruction Fuzzy Hash: 34111275900208FBCB219F5ADC89D9EBF79FB85711F10859AFC17E6280D6319E40CA60
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(?,058F17F4,00000002,?,771ADF60,00000000,?,?,0583E898), ref: 0583E56D
                                                                                                                • WriteProcessMemory.KERNELBASE(00000000,?,?,0583E898), ref: 0583E576
                                                                                                                • GetCurrentProcess.KERNEL32(?,058F17F4,00000002,?,?,?,0583E898), ref: 0583E5A7
                                                                                                                • WriteProcessMemory.KERNELBASE(00000000,?,?,0583E898), ref: 0583E5AA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentMemoryWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 4081199588-0
                                                                                                                • Opcode ID: 482cae9d9fe44ead28467fe0fad18349b9c0a9831e222d98416cb38d3d9d3071
                                                                                                                • Instruction ID: 6d1ab4fa43c2514f903a9799c4f7dbee2826005dd246c02c5b9d216810fdb17f
                                                                                                                • Opcode Fuzzy Hash: 482cae9d9fe44ead28467fe0fad18349b9c0a9831e222d98416cb38d3d9d3071
                                                                                                                • Instruction Fuzzy Hash: F701A73271020A9BCB14DBADEC4AEB677ECEB88614B04055AFD05C7245FAB5E942C7E0
                                                                                                                APIs
                                                                                                                • InitializeCriticalSection.KERNEL32(058EDC2C,?,?,0585B5EC,0586251F,00000000,05863D9E,00000000), ref: 0585CB16
                                                                                                                • InitializeCriticalSection.KERNEL32(058EDC14,?,?,0585B5EC,0586251F,00000000,05863D9E,00000000), ref: 0585CB1D
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0585B5EC,0586251F,00000000,05863D9E,00000000), ref: 0585CB24
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,0585C83D,00000000,00000000,00000000), ref: 0585CB3D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateCriticalInitializeSection$EventThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1298727074-0
                                                                                                                • Opcode ID: 53f63f3f276e4c4794da3949ae5e775ceb86071cbaa5c1333d15823ab4663940
                                                                                                                • Instruction ID: 8ea33deefcffe008710abc3cc7e3297ce4aa018c3dc9ef1f9078a6660284a24c
                                                                                                                • Opcode Fuzzy Hash: 53f63f3f276e4c4794da3949ae5e775ceb86071cbaa5c1333d15823ab4663940
                                                                                                                • Instruction Fuzzy Hash: 2AE065B052636C7EE6102B716CCED263EBCD7052D9B005429BD01EA301DEF96C488EB1
                                                                                                                APIs
                                                                                                                • inet_addr.WS2_32(127.0.0.1), ref: 05844EB5
                                                                                                                • Sleep.KERNEL32(00000032,00007FFF,00000000,05844900,127.0.0.1,00000000,?,00000000,?,?,0583F978), ref: 05844EFB
                                                                                                                  • Part of subcall function 05845380: InitializeCriticalSection.KERNEL32(00000010,0583F978), ref: 058453A7
                                                                                                                  • Part of subcall function 05845380: Sleep.KERNEL32(00000032,00000000,0583F978), ref: 058453C2
                                                                                                                  • Part of subcall function 05845380: InitializeCriticalSection.KERNEL32(00000010), ref: 058453E7
                                                                                                                  • Part of subcall function 05844F40: EnterCriticalSection.KERNEL32(053E4670,0583F970,0000000A,0583F7A0), ref: 05844F4F
                                                                                                                  • Part of subcall function 05844F40: LeaveCriticalSection.KERNEL32(053E4670), ref: 05844F83
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$InitializeSleep$EnterLeaveinet_addr
                                                                                                                • String ID: 127.0.0.1
                                                                                                                • API String ID: 2312217813-3619153832
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583E5C0: GetProcessHeap.KERNEL32(00000000,0000A7A9,00000000,?,00000000), ref: 0583E5DC
                                                                                                                  • Part of subcall function 0583E5C0: RtlAllocateHeap.NTDLL(00000000), ref: 0583E5E5
                                                                                                                  • Part of subcall function 0583E5C0: Sleep.KERNEL32(00000032), ref: 0583E5F2
                                                                                                                  • Part of subcall function 0583E5C0: GetProcessHeap.KERNEL32(00000000,0000A7A9), ref: 0583E5FF
                                                                                                                  • Part of subcall function 0583E5C0: HeapAlloc.KERNEL32(00000000), ref: 0583E602
                                                                                                                  • Part of subcall function 0583E5C0: memcpy.NTDLL(00000000,0589F228,0000A7A9), ref: 0583E615
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 0583E69F
                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0583E6A6
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000), ref: 0583E6B8
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0583E6BF
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0583E683,?,00000000), ref: 058454DB
                                                                                                                  • Part of subcall function 058454D0: RtlAllocateHeap.NTDLL(00000000), ref: 058454E4
                                                                                                                  • Part of subcall function 058454D0: Sleep.KERNEL32(00000032), ref: 058454F2
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 058454FB
                                                                                                                  • Part of subcall function 058454D0: HeapAlloc.KERNEL32(00000000), ref: 058454FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AllocAllocateFreeSleep$memcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 2929509102-0
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,0585BFD1,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,058EDBC4,00000000,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,00000103,%ws\%ws.cfg,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 05862A6C
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,?,?,0585BFD1,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,058EDBC4), ref: 05855F4A
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,058766D8,00000048,?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg), ref: 05855F5A
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,05876720,00001000,?,058766D8,00000048,?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?), ref: 05855F6D
                                                                                                                  • Part of subcall function 058627FF: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586281E
                                                                                                                  • Part of subcall function 058627FF: GetFileSize.KERNEL32(00000000,00000000,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586282E
                                                                                                                  • Part of subcall function 058627FF: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 05862853
                                                                                                                  • Part of subcall function 058627FF: CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586286A
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg, xrefs: 05862A72
                                                                                                                • ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e, xrefs: 05862A7C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Filememcpy$CloseCreateHandleReadSize_chkstk
                                                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg$ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e
                                                                                                                • API String ID: 2336435688-673904601
                                                                                                                APIs
                                                                                                                • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000002,00000000,00000000,771AF380,00000000,?,?,?,05841FC3,?,?), ref: 05841D08
                                                                                                                • WriteFile.KERNELBASE(00000000,?,00000000,?,00000000,?,?,05841FC3,?,?), ref: 05841D20
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,05841FC3,?,?), ref: 05841D35
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$CloseCreateHandleWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 1065093856-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                • LoadLibraryW.KERNELBASE(?), ref: 05868127
                                                                                                                  • Part of subcall function 05864141: CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000004,00000000,00000000,?,?,?,00000000), ref: 05864162
                                                                                                                  • Part of subcall function 05864141: GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000), ref: 05864177
                                                                                                                  • Part of subcall function 05864141: ReadFile.KERNELBASE(?,?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 058641A5
                                                                                                                  • Part of subcall function 05864141: GetCurrentProcess.KERNEL32(00000000,?,00001000,00000040,?,?,?,?,00000000), ref: 058641EB
                                                                                                                  • Part of subcall function 05864141: VirtualAllocEx.KERNELBASE(00000000,?,?,?,?,00000000), ref: 058641F2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$AllocCreateCurrentLibraryLoadProcessReadSizeVirtual_vsnwprintf
                                                                                                                • String ID: C:\Windows\System32
                                                                                                                • API String ID: 3965142754-1441273298
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509123955.00000000051BD000.00000080.00000001.01000000.00000003.sdmp, Offset: 051BD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_51bd000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,058633EE,?,?,?,00000001,?,?,00000001,?,?,?,00000001), ref: 0586306B
                                                                                                                  • Part of subcall function 05857C3E: memcpy.NTDLL(?,?,0000004F,?,?,?,?,?,?,?,?,05863086,058EE818,00000001,771B0440,771A83C0), ref: 05857CE6
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                Strings
                                                                                                                • cfa127dbd2d7558ff13f49252e1bac0ccfa127dbd2d7558ff13f4925, xrefs: 0586311A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_chkstkmemcpy
                                                                                                                • String ID: cfa127dbd2d7558ff13f49252e1bac0ccfa127dbd2d7558ff13f4925
                                                                                                                • API String ID: 2666408987-4112028522
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • {66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 05865FE4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: wcslen
                                                                                                                • String ID: {66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 4088430540-2914161000
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 053EA24E
                                                                                                                • Module32First.KERNEL32(00000000,00000224), ref: 053EA26E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 053E9000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_53e9000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                • String ID:
                                                                                                                • API String ID: 3833638111-0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • Microsoft Unified Security Protocol Provider, xrefs: 0586F74B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memset
                                                                                                                • String ID: Microsoft Unified Security Protocol Provider
                                                                                                                • API String ID: 2221118986-238809041
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountExitProcessTick
                                                                                                                • String ID:
                                                                                                                • API String ID: 232575682-0
                                                                                                                APIs
                                                                                                                • TerminateThread.KERNELBASE(00000000,00000000,?,0586C41B), ref: 0587005F
                                                                                                                • CloseHandle.KERNEL32(00000000,?,0586C41B), ref: 05870068
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleTerminateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2476175854-0
                                                                                                                APIs
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,0585BE9A,00000000,00000000,00000000), ref: 0585BEC3
                                                                                                                • CloseHandle.KERNELBASE(00000000,0585C019), ref: 0585BED9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreateHandleThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 3032276028-0
                                                                                                                APIs
                                                                                                                • GetForegroundWindow.USER32(771B0440,05863381,?,00000100,?,?,?,00000001), ref: 058538AD
                                                                                                                • GetWindowTextA.USER32(00000000,?,?), ref: 058538BE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Window$ForegroundText
                                                                                                                • String ID:
                                                                                                                • API String ID: 29597999-0
                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNELBASE(00000400,?,?,05340223,?,?), ref: 05340E02
                                                                                                                • SetErrorMode.KERNELBASE(00000000,?,?,05340223,?,?), ref: 05340E07
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5340000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorMode
                                                                                                                • String ID:
                                                                                                                • API String ID: 2340568224-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,0586AA65,?,0586F2F6,00008000,?,0586AA88,0586BDC9,?,0586AA88,00000008,0586AAAC,?,0586AA65,00000008,00000004), ref: 05869806
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,0586F2F6,00008000,?,0586AA88,0586BDC9,?,0586AA88,00000008,0586AAAC,?,0586AA65,00000008,00000004), ref: 0586980D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1357844191-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,058BF30C,?,0585873F,00000010,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000,00000001,058BF30C,058BF2F8), ref: 0586560C
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,0585873F,00000010,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000,00000001,058BF30C,058BF2F8), ref: 05865613
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1357844191-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,0586B3E0,00000000,00000000,?,00000000,00000000,?,?,053E5F08,053E5F08,?,0586B425,00000083), ref: 05865623
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,0586B3E0,00000000,00000000,?,00000000,00000000,?,?,053E5F08,053E5F08,?,0586B425,00000083), ref: 0586562A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 1357844191-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 3859560861-0
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00008000,0586644B,00000000,00000000), ref: 0586438B
                                                                                                                • VirtualFreeEx.KERNELBASE(00000000), ref: 05864392
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CurrentFreeProcessVirtual
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,?,004013C6,?,004016CA,004016CA,?,?,0040168E,?,00466418,00000020,00000000,00000000), ref: 00401108
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,004013C6,?,004016CA,004016CA,?,?,0040168E,?,00466418,00000020,00000000,00000000), ref: 0040110F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcess
                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(5600063D,0358786A,00003000,00000040,?,?,004016CA,00000000), ref: 004018AB
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,0358786A,00003000,00000040,?,?,004016CA,00000000), ref: 004018C0
                                                                                                                  • Part of subcall function 00401F3E: VirtualFree.KERNEL32(8B55CC00,00401A77,00004000,00000000,?,00401A77,8B55CC00,0358786A,?,?,?,?,?,?,004016CA), ref: 00401F5A
                                                                                                                  • Part of subcall function 00401F3E: VirtualFree.KERNEL32(8B55CC00,00000000,00008000,?,00401A77,8B55CC00,0358786A,?,?,?,?,?,?,004016CA,?,00000003), ref: 00401F6C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$AllocFree
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtual
                                                                                                                APIs
                                                                                                                • inet_ntoa.WS2_32(00000000), ref: 0586C549
                                                                                                                  • Part of subcall function 05865604: GetProcessHeap.KERNEL32(00000000,058BF30C,?,0585873F,00000010,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000,00000001,058BF30C,058BF2F8), ref: 0586560C
                                                                                                                  • Part of subcall function 05865604: RtlAllocateHeap.NTDLL(00000000,?,0585873F,00000010,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000,00000001,058BF30C,058BF2F8), ref: 05865613
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessinet_ntoa
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: inet_ntoa
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0586A3FF: strlen.MSVCRT ref: 0586A40A
                                                                                                                • inet_addr.WS2_32(?), ref: 0586BF50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: inet_addrstrlen
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865D6A: NtCreateKey.NTDLL(00000001,?,?,00000000,00000000,00000000,00000000), ref: 05865D93
                                                                                                                • __fprintf_l.LIBCMT ref: 058661B4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Create__fprintf_l
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058697FE: GetProcessHeap.KERNEL32(00000000,0586AA65,?,0586F2F6,00008000,?,0586AA88,0586BDC9,?,0586AA88,00000008,0586AAAC,?,0586AA65,00000008,00000004), ref: 05869806
                                                                                                                  • Part of subcall function 058697FE: RtlAllocateHeap.NTDLL(00000000,?,0586F2F6,00008000,?,0586AA88,0586BDC9,?,0586AA88,00000008,0586AAAC,?,0586AA65,00000008,00000004), ref: 0586980D
                                                                                                                • atexit.MSVCRT ref: 0586F327
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessatexit
                                                                                                                APIs
                                                                                                                • recv.WS2_32(?,?,00000000,00000000), ref: 0586A9B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: recv
                                                                                                                APIs
                                                                                                                • time.MSVCRT(00000000,00000000,?,0586CBDD,00000000,00000020,00000000,00000000,?,?,?,?,?,?,?,0586C600), ref: 0586FF4E
                                                                                                                  • Part of subcall function 05871EFD: WSAStartup.WS2_32(00000202,?), ref: 05871F27
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Startuptime
                                                                                                                APIs
                                                                                                                • RtlInitUnicodeString.NTDLL(00000000,0585B3EA), ref: 05865DB0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InitStringUnicode
                                                                                                                • String ID:
                                                                                                                • API String ID: 4228678080-0
                                                                                                                APIs
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,0585C41D,00000000,00000000,058EDBFC), ref: 0585C4B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2422867632-0
                                                                                                                APIs
                                                                                                                • send.WS2_32(?,?,00000000,00000000), ref: 0586AA1F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: send
                                                                                                                • String ID:
                                                                                                                • API String ID: 2809346765-0
                                                                                                                APIs
                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,0587000B,00000000,00000000,00000008), ref: 05870046
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2422867632-0
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNELBASE(00401DEF,?,00401DEF,?,?,00000003,?,004016CA), ref: 004014F3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: closesocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 2781271927-0
                                                                                                                APIs
                                                                                                                • RtlReAllocateHeap.NTDLL(00000008,?,?,058552D8,00000000,00000000), ref: 05863DF0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                APIs
                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,0586429E,?,?,?,?,00000000), ref: 05863E03
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221118986-0
                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 053E9F36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 053E9000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_53e9000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 39653677-0
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,05871E5D,05871DE8,00A00000), ref: 0586965C
                                                                                                                  • Part of subcall function 0586A043: strlen.MSVCRT ref: 0586A056
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _chkstkstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1716017711-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 39653677-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05859281: WSAStartup.WS2_32(00000202,?), ref: 05859296
                                                                                                                • SetThreadDesktop.USER32 ref: 0585A715
                                                                                                                  • Part of subcall function 0585930C: send.WS2_32(?,0000000A,?,00000000), ref: 05859328
                                                                                                                  • Part of subcall function 05859343: recv.WS2_32(?,00000000,0585A751,00000000), ref: 0585935F
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,05859392,00000000,00000000,00000000), ref: 0585A766
                                                                                                                • GetDesktopWindow.USER32 ref: 0585A827
                                                                                                                • OpenClipboard.USER32(00000000), ref: 0585A82E
                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0585A836
                                                                                                                • GetClipboardData.USER32(00000001), ref: 0585A842
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0585A84B
                                                                                                                • lstrcpyA.KERNEL32(00000000,00000000), ref: 0585A86D
                                                                                                                  • Part of subcall function 058597D4: memset.NTDLL ref: 058597F3
                                                                                                                  • Part of subcall function 058597D4: SHGetFolderPathA.SHELL32(00000000,00000025,00000000,00000000,?), ref: 05859807
                                                                                                                  • Part of subcall function 058597D4: lstrcatA.KERNEL32(?,?), ref: 0585983B
                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 0585A858
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0585A874
                                                                                                                • CloseClipboard.USER32 ref: 0585A87C
                                                                                                                • GetDesktopWindow.USER32 ref: 0585A8CA
                                                                                                                • OpenClipboard.USER32(00000000), ref: 0585A8D1
                                                                                                                • EmptyClipboard.USER32 ref: 0585A8D7
                                                                                                                • GlobalAlloc.KERNEL32(00000002,?), ref: 0585A8E0
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0585A8E9
                                                                                                                • memcpy.NTDLL(00000000,?,?), ref: 0585A8F6
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0585A8FF
                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 0585A908
                                                                                                                • CloseClipboard.USER32 ref: 0585A90E
                                                                                                                • WindowFromPoint.USER32(?,?), ref: 0585A92F
                                                                                                                • WindowFromPoint.USER32(00000407,?), ref: 0585A9D2
                                                                                                                • SendMessageA.USER32(00000000,00000084,00000000,?), ref: 0585AA00
                                                                                                                • PostMessageA.USER32(00000000,00000112,0000F020,00000000), ref: 0585AA21
                                                                                                                • GetWindowPlacement.USER32(00000000,?), ref: 0585AA38
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 0585AA66
                                                                                                                • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 0585AA75
                                                                                                                • SendMessageA.USER32(00000000,00000084,00000000,?), ref: 0585AA82
                                                                                                                • FindWindowA.USER32(Button,00000000), ref: 0585AAA4
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 0585AAB1
                                                                                                                • PtInRect.USER32(?,?,?), ref: 0585AAC1
                                                                                                                • ScreenToClient.USER32(?,?), ref: 0585ACA9
                                                                                                                • ScreenToClient.USER32(?,?), ref: 0585ACC9
                                                                                                                • ChildWindowFromPoint.USER32(?,?,?), ref: 0585ACD2
                                                                                                                • PostMessageA.USER32(?,?,?,?), ref: 0585ACFF
                                                                                                                • closesocket.WS2_32(?), ref: 0585AD28
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Window$Clipboard$Global$Message$DesktopFromPoint$ClientCloseDataHeapLockLongOpenPostRectScreenSendThreadUnlock$AllocAllocateAvailableChildCreateEmptyFindFolderFormatPathPlacementProcessStartupclosesocketlstrcatlstrcpylstrlenmemcpymemsetrecvsend
                                                                                                                • String ID: Button$MAKEITSAD
                                                                                                                • API String ID: 3246846348-3543428828
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05862012: strlen.NTDLL ref: 05862014
                                                                                                                  • Part of subcall function 05862012: strrchr.NTDLL ref: 0586201E
                                                                                                                • strcmp.NTDLL ref: 0586207B
                                                                                                                • strcmp.NTDLL ref: 0586208F
                                                                                                                • memset.NTDLL ref: 058620A9
                                                                                                                • memset.NTDLL ref: 058620B7
                                                                                                                  • Part of subcall function 05862E85: memset.NTDLL ref: 05862EBB
                                                                                                                  • Part of subcall function 05862E85: Sleep.KERNEL32(0000000A,00000000,00000010,?,?,?,?,00000000,00000021), ref: 05862EE3
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 0586210A
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0586216A
                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000001,00000002,00000000), ref: 05862185
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 058621B6
                                                                                                                • strcmp.NTDLL ref: 058621DC
                                                                                                                • strcmp.NTDLL ref: 058621FC
                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 05862257
                                                                                                                • NtResumeThread.NTDLL(?,00000000), ref: 05862269
                                                                                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 05862291
                                                                                                                • ResumeThread.KERNEL32(?), ref: 058622A3
                                                                                                                • CloseHandle.KERNEL32(?), ref: 058622AC
                                                                                                                • CloseHandle.KERNEL32(?), ref: 058622B1
                                                                                                                • ExitProcess.KERNEL32 ref: 058622B4
                                                                                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 058622D7
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000021), ref: 05862307
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000021), ref: 05862311
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000021), ref: 0586231C
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000021), ref: 05862330
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$Create$Processstrcmp$Filememset$DeleteResumeThread$DirectoryEnvironmentExitExpandSleepStrings_vsnwprintfstrlenstrrchr
                                                                                                                • String ID: %s\%s\%s.%s$exe$exe$exe$jar$java.exe -jar %s${66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 3955850671-2910128488
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • __fprintf_l.LIBCMT ref: 058649C0
                                                                                                                  • Part of subcall function 0586449E: strcpy.NTDLL ref: 058644C2
                                                                                                                • __fprintf_l.LIBCMT ref: 058649E8
                                                                                                                  • Part of subcall function 05865DD8: RtlInitUnicodeString.NTDLL(00000050,00000050), ref: 05865DE8
                                                                                                                  • Part of subcall function 05865DD8: NtQueryValueKey.NTDLL(00000400,00000000,00000001,00000000,00000400,?), ref: 05865E2A
                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 05864A82
                                                                                                                • memcpy.NTDLL(05864BF5,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 05864A9A
                                                                                                                • LocalFree.KERNEL32(?), ref: 05864AAA
                                                                                                                • __fprintf_l.LIBCMT ref: 05864AC5
                                                                                                                • __fprintf_l.LIBCMT ref: 05864AEE
                                                                                                                • strlen.NTDLL ref: 05864B0A
                                                                                                                • strlen.NTDLL ref: 05864B14
                                                                                                                • strlen.NTDLL ref: 05864B1F
                                                                                                                • strlen.NTDLL ref: 05864B27
                                                                                                                • strcpy.NTDLL ref: 05864B4C
                                                                                                                • strcpy.NTDLL ref: 05864B5E
                                                                                                                • strcpy.NTDLL ref: 05864B74
                                                                                                                • strcpy.NTDLL ref: 05864B87
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: strcpy$__fprintf_lstrlen$AllocateCryptDataFreeHeapInitLocalQueryStringUnicodeUnprotectValuememcpy
                                                                                                                • String ID: Display Name$Email$IMAP Password$POP3 Password$SMTP Password$SMTP Server$SMTP Use SSL
                                                                                                                • API String ID: 3179835122-2401004315
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,?,?,00000000), ref: 05863B72
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,000001D8,?,?,?,?,?,00000000), ref: 05863B8A
                                                                                                                • NtCreateSection.NTDLL(0585B533,0000000E,00000000,?,00000040,08000000,00000000), ref: 05863BDC
                                                                                                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 05863BF9
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,?,?,00000002,00000000,00000004,?,?,?,?,00000000), ref: 05863C20
                                                                                                                • NtMapViewOfSection.NTDLL(0585B533,00000000,?,?,?,?,00000000), ref: 05863C26
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,?,?,00000002,00000000,00000004,?,?,?,?,00000000), ref: 05863C47
                                                                                                                • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,00000000), ref: 05863C4D
                                                                                                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,?,?,00000002,00000000,00000080), ref: 05863C78
                                                                                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 05863C92
                                                                                                                • NtUnmapViewOfSection.NTDLL(?,?), ref: 05863CF2
                                                                                                                • NtMapViewOfSection.NTDLL(0585B533,?,?,00000000,00000000,?,?,00000002,00000000,00000040), ref: 05863D13
                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000000), ref: 05863D33
                                                                                                                • NtUnmapViewOfSection.NTDLL(00000000), ref: 05863D3A
                                                                                                                • CloseHandle.KERNEL32(0585B533,?,00000000), ref: 05863D43
                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00000000), ref: 05863D4D
                                                                                                                • NtUnmapViewOfSection.NTDLL(00000000), ref: 05863D54
                                                                                                                • CloseHandle.KERNEL32(?,?,00000000), ref: 05863D5D
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Section$Process$View$Current$MemoryReadUnmap$CloseCreateHandleHeap$Allocate
                                                                                                                • String ID: ?
                                                                                                                • API String ID: 3804995752-1684325040
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05866EF0: TerminateProcess.KERNEL32(00000000,00000000,00000000,00000000,05866F7D,?,00000000,00000000), ref: 05866F07
                                                                                                                  • Part of subcall function 05866EF0: CloseHandle.KERNEL32 ref: 05866F19
                                                                                                                  • Part of subcall function 05866EF0: CloseHandle.KERNEL32 ref: 05866F21
                                                                                                                  • Part of subcall function 05866EF0: Sleep.KERNEL32(00001388), ref: 05866F34
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,00000000,00000000), ref: 05866F92
                                                                                                                  • Part of subcall function 05866D1B: SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000104,05866FA1), ref: 05866D29
                                                                                                                • memset.NTDLL ref: 05867007
                                                                                                                • memset.NTDLL ref: 05867013
                                                                                                                • DeleteFileW.KERNEL32(tv\readme.txt), ref: 05867023
                                                                                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 0586703C
                                                                                                                • NtResumeThread.NTDLL(?,00000000), ref: 0586704F
                                                                                                                • NtResumeThread.NTDLL(?,00000000), ref: 058670D6
                                                                                                                  • Part of subcall function 058667E0: RtlFreeAnsiString.NTDLL(?), ref: 05866820
                                                                                                                  • Part of subcall function 05866D6E: strlen.NTDLL ref: 05866D76
                                                                                                                  • Part of subcall function 05865649: GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                  • Part of subcall function 05865649: RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                • Sleep.KERNEL32(00001388), ref: 0586712B
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(%TEMP%\helloworld.exe,00000000,00000104), ref: 05866FCD
                                                                                                                  • Part of subcall function 058667E0: RtlInitUnicodeString.NTDLL(0585B3A6,?), ref: 058667ED
                                                                                                                  • Part of subcall function 058667E0: RtlUnicodeStringToAnsiString.NTDLL(?,?,00000001), ref: 058667FD
                                                                                                                  • Part of subcall function 058684F5: CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000002,00000002,00000000,771B3160,00000000,05868576,?,00000000,?,05857A01,00000001,00000000), ref: 0586850C
                                                                                                                • memset.NTDLL ref: 05867087
                                                                                                                • memset.NTDLL ref: 05867093
                                                                                                                • DeleteFileW.KERNEL32(tv\readme.txt), ref: 058670A3
                                                                                                                • CreateProcessW.KERNEL32(TeamViewer.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 058670C3
                                                                                                                • Sleep.KERNEL32(00001388), ref: 058670F5
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0586719A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Process$HeapStringmemset$CreateCurrentDirectoryFileSleep$AnsiCloseDeleteFreeHandleResumeThreadUnicode$AllocateEnvironmentExpandInitStringsTerminatestrlen
                                                                                                                • String ID: %TEMP%\helloworld.exe$TeamViewer.exe$tv\readme.txt
                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 05858FF6
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 05859001
                                                                                                                • GetDC.USER32(00000000), ref: 05859009
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 05859019
                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0585902C
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 05859033
                                                                                                                  • Part of subcall function 05858F76: GetTopWindow.USER32(?), ref: 05858F7A
                                                                                                                  • Part of subcall function 05858F76: GetWindow.USER32(00000000,00000001), ref: 05858FA1
                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0585907E
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 05859086
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 0585908E
                                                                                                                • SetStretchBltMode.GDI32(00000000,00000004), ref: 05859097
                                                                                                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 058590B6
                                                                                                                • DeleteObject.GDI32(?), ref: 058590BF
                                                                                                                • DeleteDC.GDI32(00000000), ref: 058590C6
                                                                                                                • GetDIBits.GDI32(00000000,?,00000000,?,058ED728,00000000), ref: 0585917A
                                                                                                                • DeleteObject.GDI32(?), ref: 05859183
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 0585918D
                                                                                                                • DeleteDC.GDI32(00000000), ref: 05859194
                                                                                                                • memcpy.NTDLL(00000000), ref: 058591E2
                                                                                                                • memcpy.NTDLL(00000000,00000000), ref: 05859272
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CompatibleCreateDeleteObjectWindow$BitmapSelectStretchmemcpy$BitsDesktopModeRectRelease
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • VirtualAllocEx.KERNEL32(?,00000000,00002000,00003000,00000040,00000000), ref: 0584247D
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,ExitThread,?,00000000), ref: 0584250A
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05842513
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,ResumeThread), ref: 05842522
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05842525
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,LoadLibraryA), ref: 05842537
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0584253A
                                                                                                                • memcpy.NTDLL(?,?,?), ref: 0584258D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: AddressHandleModuleProc$AllocVirtualmemcpy
                                                                                                                • String ID: ExitThread$LoadLibraryA$ResumeThread$kernel32
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 058625F1
                                                                                                                • lstrcpyA.KERNEL32(00000000,?,771A8A60,?,00000000), ref: 05862609
                                                                                                                • lstrcatA.KERNEL32(00000000,058794E8), ref: 0586261D
                                                                                                                  • Part of subcall function 05862536: CreateDirectoryW.KERNEL32(?,00000000), ref: 0586255F
                                                                                                                • GetLastError.KERNEL32 ref: 0586262C
                                                                                                                • FindFirstFileA.KERNEL32(00000000,?), ref: 0586264E
                                                                                                                • memset.NTDLL ref: 0586266D
                                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 0586267F
                                                                                                                • lstrcatA.KERNEL32(00000000,058794EC), ref: 0586268D
                                                                                                                • lstrcatA.KERNEL32(00000000,?), ref: 0586269D
                                                                                                                • memset.NTDLL ref: 058626B0
                                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 058626C2
                                                                                                                • lstrcatA.KERNEL32(00000000,058794F0), ref: 058626D0
                                                                                                                • lstrcatA.KERNEL32(00000000,?), ref: 058626E0
                                                                                                                • lstrcmpA.KERNEL32(?,058794F4), ref: 058626F7
                                                                                                                • lstrcmpA.KERNEL32(?,058794F8), ref: 0586270D
                                                                                                                • GetLastError.KERNEL32 ref: 05862728
                                                                                                                • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0586275C
                                                                                                                • FindNextFileA.KERNEL32(?,00000010), ref: 0586276C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: lstrcat$Filelstrcpymemset$ErrorFindLastlstrcmp$CopyCreateDirectoryFirstNext
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • __fprintf_l.LIBCMT ref: 058644FB
                                                                                                                • __fprintf_l.LIBCMT ref: 05864511
                                                                                                                • __fprintf_l.LIBCMT ref: 05864527
                                                                                                                • __fprintf_l.LIBCMT ref: 05864550
                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 058645DE
                                                                                                                • memcpy.NTDLL(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 058645EF
                                                                                                                • LocalFree.KERNEL32(?), ref: 05864601
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: __fprintf_l$AllocateCryptDataFreeHeapLocalUnprotectmemcpy
                                                                                                                • String ID: Email$IMAP Password$IMAP Server$OL$POP3 Password$POP3 Server$SMTP Password$SMTP Server
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0585AD4B
                                                                                                                • strcpy.NTDLL ref: 0585AD56
                                                                                                                • memset.NTDLL ref: 0585AD63
                                                                                                                • OpenDesktopA.USER32(default,00000000,00000001,10000000), ref: 0585ADA7
                                                                                                                • OpenDesktopA.USER32(058ED860,00000000,00000001,10000000), ref: 0585ADB3
                                                                                                                • CreateDesktopA.USER32(058ED860,00000000,00000000,00000000,10000000,00000000), ref: 0585ADC4
                                                                                                                • SetThreadDesktop.USER32(00000000), ref: 0585ADD0
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,0585A6DA,00000000,00000000,00000000), ref: 0585ADE0
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0585ADEE
                                                                                                                • TerminateThread.KERNEL32(00000000), ref: 0585ADFB
                                                                                                                • CloseHandle.KERNEL32 ref: 0585AE31
                                                                                                                • CloseHandle.KERNEL32 ref: 0585AE39
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Desktop$Thread$CloseCreateHandleOpenmemset$ObjectSingleTerminateWaitstrcpy
                                                                                                                • String ID: default${66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 975780402-3554626239
                                                                                                                • Opcode ID: 258de90af18f5ae5fceaf443fa1784081e65244f91b4b3b1a1120ed7e89b4966
                                                                                                                • Instruction ID: f81f936879bc59ea68df93172e858890c10ab3d56b098f14ece0cbcd29d81474
                                                                                                                • Opcode Fuzzy Hash: 258de90af18f5ae5fceaf443fa1784081e65244f91b4b3b1a1120ed7e89b4966
                                                                                                                • Instruction Fuzzy Hash: 25217CB1533224ABD7207B66AC8FD673EFCEB45AA0B00411EFD09DA110DF716809CBA5
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                  • Part of subcall function 0586674E: _vsnprintf.NTDLL ref: 05866763
                                                                                                                • memset.NTDLL ref: 05864D1C
                                                                                                                • memset.NTDLL ref: 05864D28
                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 05864D43
                                                                                                                • NtResumeThread.NTDLL(?,00000000), ref: 05864D55
                                                                                                                • WaitForSingleObject.KERNEL32(?,00002710,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 05864D63
                                                                                                                • TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 05864D71
                                                                                                                • strlen.NTDLL ref: 05864DD3
                                                                                                                • DeleteFileW.KERNEL32(book.json,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 05864DFC
                                                                                                                • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 05864E05
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFileProcessmemset$AllocateCreateHeapObjectResumeSingleTerminateThreadWait_vsnprintfstrlen
                                                                                                                • String ID: %ws\%s /sjson %ws\book.json$book.json
                                                                                                                • API String ID: 2824381142-875663027
                                                                                                                • Opcode ID: 1b41d033be7f194b540db14a8f83ec5c227c68a4b43c6fdb042026d270db4b29
                                                                                                                • Instruction ID: 9330a2255e85f4d887c03f2e8ccba6b4e69948ab9db500c4b217c29d676f3814
                                                                                                                • Opcode Fuzzy Hash: 1b41d033be7f194b540db14a8f83ec5c227c68a4b43c6fdb042026d270db4b29
                                                                                                                • Instruction Fuzzy Hash: 2F3150B1A0024CBFDF01AFA8CC89DAEBBBDEF04254F104165FE15E6160DA319E10DB61
                                                                                                                APIs
                                                                                                                • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000), ref: 05857337
                                                                                                                • CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,?), ref: 0585734B
                                                                                                                • wcslen.NTDLL ref: 05857359
                                                                                                                • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 0585736A
                                                                                                                • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 05857389
                                                                                                                • CryptDestroyHash.ADVAPI32(?), ref: 0585739F
                                                                                                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 058573AE
                                                                                                                • lstrcmpW.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000008), ref: 05857405
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Crypt$Hash$Context$AcquireCreateDataDestroyParamReleaselstrcmpwcslen
                                                                                                                • String ID: %2.2X$%2.2X
                                                                                                                • API String ID: 289078181-411458494
                                                                                                                • Opcode ID: b7d901fa385356c724a455c3a995fe7cb41b944e39742363bf432447b4ebc418
                                                                                                                • Instruction ID: 2aec0eeb760613eb19d880606bd052c2fd17bd3f8075903db46c168c98ac3421
                                                                                                                • Opcode Fuzzy Hash: b7d901fa385356c724a455c3a995fe7cb41b944e39742363bf432447b4ebc418
                                                                                                                • Instruction Fuzzy Hash: CE313A7160430CAFEF119F65DC89EEA3FADFB05354F444025BE1AE2051E635D918DBA1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • lstrcpyW.KERNEL32(05863632,?,000493E0,00000000,00000001), ref: 05853C89
                                                                                                                • lstrcatW.KERNEL32(05863632,0587665C), ref: 05853C99
                                                                                                                • FindFirstFileW.KERNEL32(05863632,?), ref: 05853CA5
                                                                                                                • lstrcmpW.KERNEL32(?,05876664), ref: 05853CD3
                                                                                                                • lstrcmpW.KERNEL32(?,05876668), ref: 05853CE9
                                                                                                                • lstrcpyW.KERNEL32(?,?), ref: 05853CF9
                                                                                                                • lstrcatW.KERNEL32(?,05876670), ref: 05853D03
                                                                                                                • lstrcatW.KERNEL32(?,?), ref: 05853D0F
                                                                                                                • FindNextFileW.KERNEL32(?,00000010), ref: 05853D3A
                                                                                                                • FindClose.KERNEL32(?), ref: 05853DA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Findlstrcat$FileHeaplstrcmplstrcpy$AllocateCloseFirstNextProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2044544815-0
                                                                                                                • Opcode ID: 195e2c8c3b545cefb44afa683eef92e9a6c44aa8f4cf1ddf1802bcf692227833
                                                                                                                • Instruction ID: 991e2fcddf1ef9ff21d1a7daa9726127d1aeaf899c84e71c312ea956e3257d36
                                                                                                                • Opcode Fuzzy Hash: 195e2c8c3b545cefb44afa683eef92e9a6c44aa8f4cf1ddf1802bcf692227833
                                                                                                                • Instruction Fuzzy Hash: 0F413271E0021CABDF01ABA5DC09AEEBF79BF04314F0044A1AD05E2161EB359E59DFA5
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221118986-0
                                                                                                                • Opcode ID: fd561bf1cfe2e271e17390e3cf183f148e993940c0082196944457952658d60b
                                                                                                                • Instruction ID: d79fe7dee4e1fbfabd95dc91cd8a588758d192116f447db64638674624ec709a
                                                                                                                • Opcode Fuzzy Hash: fd561bf1cfe2e271e17390e3cf183f148e993940c0082196944457952658d60b
                                                                                                                • Instruction Fuzzy Hash: 16D29A70A0560ADBCB15CFA8C8846BDBBF6FF44325F2485A9DC92EB281D3749B45CB50
                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,05858221), ref: 058580C4
                                                                                                                • lstrcmpW.KERNEL32(?,058778F8,?,00000001), ref: 058580EA
                                                                                                                • lstrcmpW.KERNEL32(?,058778FC), ref: 05858100
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0585816B
                                                                                                                • GetLastError.KERNEL32 ref: 05858175
                                                                                                                • memcpy.NTDLL(00000000,?,00000208), ref: 0585819E
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,05858056,00000000,00000000,00000000), ref: 058581B4
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 058581BF
                                                                                                                  • Part of subcall function 0585BD03: lstrcpynW.KERNEL32(?,058580AE,00000104,?,?,00000001), ref: 0585BE1A
                                                                                                                • FindNextFileW.KERNEL32(0587790C,?), ref: 058581CF
                                                                                                                • FindClose.KERNEL32(0587790C), ref: 058581E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$Closelstrcmp$CreateDeleteErrorFirstHandleLastNextThreadlstrcpynmemcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3652913367-0
                                                                                                                • Opcode ID: 07432effacfd41739243d7be56016fb53a7dad913c17e9a14a1b19a91868b65c
                                                                                                                • Instruction ID: a2e4bb0991741f043d314d682a056029633e38aa35a16bb7286d937416e1eae8
                                                                                                                • Opcode Fuzzy Hash: 07432effacfd41739243d7be56016fb53a7dad913c17e9a14a1b19a91868b65c
                                                                                                                • Instruction Fuzzy Hash: 8431037194071DAADF20ABA5DC4DFEA7BADBF04265F1044A2FD05E1050EB35DE848F64
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 058582EE
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,05877910), ref: 05858304
                                                                                                                • lstrcmpW.KERNEL32(05877914,?,?), ref: 05858328
                                                                                                                • lstrcmpW.KERNEL32(05877918,?), ref: 0585833A
                                                                                                                  • Part of subcall function 0585BD03: lstrcpynW.KERNEL32(?,058580AE,00000104,?,?,00000001), ref: 0585BE1A
                                                                                                                • lstrcmpW.KERNEL32(?,Cookies,?,?,?), ref: 0585836B
                                                                                                                  • Part of subcall function 05858093: FindFirstFileW.KERNEL32(?,?,?,?,05858221), ref: 058580C4
                                                                                                                  • Part of subcall function 05858093: lstrcmpW.KERNEL32(?,058778F8,?,00000001), ref: 058580EA
                                                                                                                  • Part of subcall function 05858093: lstrcmpW.KERNEL32(?,058778FC), ref: 05858100
                                                                                                                  • Part of subcall function 05858093: DeleteFileW.KERNEL32(?,?,?,?), ref: 0585816B
                                                                                                                  • Part of subcall function 05858093: GetLastError.KERNEL32 ref: 05858175
                                                                                                                  • Part of subcall function 05858093: memcpy.NTDLL(00000000,?,00000208), ref: 0585819E
                                                                                                                  • Part of subcall function 05858093: CreateThread.KERNEL32(00000000,00000000,05858056,00000000,00000000,00000000), ref: 058581B4
                                                                                                                  • Part of subcall function 05858093: CloseHandle.KERNEL32(00000000), ref: 058581BF
                                                                                                                  • Part of subcall function 05858093: FindNextFileW.KERNEL32(0587790C,?), ref: 058581CF
                                                                                                                  • Part of subcall function 05858093: FindClose.KERNEL32(0587790C), ref: 058581E0
                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 05858394
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 058583A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileFindlstrcmp$Close$FirstHandleNext$CreateDeleteErrorLastThreadlstrcpynmemcpymemset
                                                                                                                • String ID: Cookies
                                                                                                                • API String ID: 2586517288-1894306368
                                                                                                                • Opcode ID: 79bcbe1eb1bc2f35973b9338aa664998fddd4896fb7b2470f1c8234643b2a8ab
                                                                                                                • Instruction ID: ff05f44fa4fdbe7fa97f929559fa7dd441bd954c3edd041598888838afe77ad1
                                                                                                                • Opcode Fuzzy Hash: 79bcbe1eb1bc2f35973b9338aa664998fddd4896fb7b2470f1c8234643b2a8ab
                                                                                                                • Instruction Fuzzy Hash: 3A218471A0121DAADF10A7A4DC4DFEA77ACAB44761F1404A2AE05E2040FA74EE458E71
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0586853F: DeleteFileA.KERNEL32(00000000,00000000,058565E3,00000001,dll,00000001,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000), ref: 05868566
                                                                                                                • memset.NTDLL ref: 05856F3D
                                                                                                                • memset.NTDLL ref: 05856F49
                                                                                                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,05857077), ref: 05856F6B
                                                                                                                • NtResumeThread.NTDLL(00000001,00000000), ref: 05856F79
                                                                                                                • WaitForSingleObject.KERNEL32(05857077,00002710,?,?,?,?,?,?,?,?,00000000), ref: 05856F87
                                                                                                                • TerminateProcess.KERNEL32(05857077,00000000,?,?,?,?,?,?,?,?,00000000), ref: 05856F95
                                                                                                                • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 05856F9E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFileProcessmemset$CreateObjectResumeSingleTerminateThreadWait
                                                                                                                • String ID: exe
                                                                                                                • API String ID: 2412601192-1801697008
                                                                                                                • Opcode ID: 873839a7c47781941161e328c3bde29cef390ed74c9e6a8fd9fac67a850ae1cf
                                                                                                                • Instruction ID: bc9e4f6e76b5b0f1f2affd7d84d90dc41f90528da844cd2d1c7c0741c31f394e
                                                                                                                • Opcode Fuzzy Hash: 873839a7c47781941161e328c3bde29cef390ed74c9e6a8fd9fac67a850ae1cf
                                                                                                                • Instruction Fuzzy Hash: E611E871915219BADF10ABA2DD0EEDF7FBCEF056A1F400420BE09E5051EA719A14DAB2
                                                                                                                APIs
                                                                                                                • getaddrinfo.WS2_32(0000000A,00000000,?,058C1C24), ref: 05851848
                                                                                                                • socket.WS2_32(00000000,00000000,00000000), ref: 05851872
                                                                                                                • bind.WS2_32(00000000,00000000,00000000), ref: 05851886
                                                                                                                • closesocket.WS2_32(00000000), ref: 05851891
                                                                                                                • freeaddrinfo.WS2_32(058C1C24,058C1C08,058C1C08), ref: 058518B4
                                                                                                                • closesocket.WS2_32(058C1C24), ref: 058518D2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: closesocket$bindfreeaddrinfogetaddrinfosocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 3584273986-0
                                                                                                                • Opcode ID: 7012d5483370b644dc22602068b8e367304dac4b0fe154c9aaa49f40a979cbcd
                                                                                                                • Instruction ID: 3293796c1431af067ab6952092b43fd2e5006e2c7a4177aa279a82ee4c2007b0
                                                                                                                • Opcode Fuzzy Hash: 7012d5483370b644dc22602068b8e367304dac4b0fe154c9aaa49f40a979cbcd
                                                                                                                • Instruction Fuzzy Hash: 73316132A00608AFDF219FA5D84ABAE7BB9FB04734F000619FD56E6190E731AD15EB51
                                                                                                                APIs
                                                                                                                • OpenClipboard.USER32(00000000), ref: 05867E3B
                                                                                                                • EmptyClipboard.USER32 ref: 05867E45
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000002), ref: 05867E54
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 05867E5D
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000001), ref: 05867E6E
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 05867E75
                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 05867E7E
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 05867E85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Clipboard$AllocByteCharDataEmptyFreeLockMultiOpenUnlockWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 1489031512-0
                                                                                                                • Opcode ID: 631057665c3265b6a25bbf1dd40b5cc4b30f726db04603cd2eb7ae491fbf7d44
                                                                                                                • Instruction ID: 3325162fed2c2f95566504b62bdf4dc3fa736d8ee3a16263907268bff0aaef2e
                                                                                                                • Opcode Fuzzy Hash: 631057665c3265b6a25bbf1dd40b5cc4b30f726db04603cd2eb7ae491fbf7d44
                                                                                                                • Instruction Fuzzy Hash: B9213632618658ABD7254F799C4DBA63F99FB45729F100419FD4ACA141EA70DC04C7A0
                                                                                                                Strings
                                                                                                                • invalid literal/length code, xrefs: 0584EA25
                                                                                                                • invalid distances set, xrefs: 0584E81C
                                                                                                                • invalid literal/lengths set, xrefs: 0584E7D2
                                                                                                                • invalid bit length repeat, xrefs: 0584E778, 0584E787
                                                                                                                • invalid code -- missing end-of-block, xrefs: 0584E769
                                                                                                                • too many length or distance symbols, xrefs: 0584E546
                                                                                                                • invalid distance code, xrefs: 0584EBD4
                                                                                                                • invalid distance too far back, xrefs: 0584EC71
                                                                                                                • invalid code lengths set, xrefs: 0584E537
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                • API String ID: 0-2665694366
                                                                                                                • Opcode ID: 78b7beb40c7f7f06fcc920a121cade6d76832b433eec595ab1b690b7ab2a09e1
                                                                                                                • Instruction ID: bffadf1514d93d35b3cc41bf50f0b2fd019a4c0309b4490ffaba15f69be75673
                                                                                                                • Opcode Fuzzy Hash: 78b7beb40c7f7f06fcc920a121cade6d76832b433eec595ab1b690b7ab2a09e1
                                                                                                                • Instruction Fuzzy Hash: 6F626970A04A198BCB28CF55C4906AEBBF3FF84315F14856ECC9697B84D778A985CF81
                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(?), ref: 05857434
                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,00000001,?), ref: 05857454
                                                                                                                • memcpy.NTDLL(?,00000000,00000004,00000000,058778D0,00000000), ref: 05857472
                                                                                                                • memcpy.NTDLL(?,?,00000004,?,00000000,00000004,00000000,058778D0,00000000), ref: 05857481
                                                                                                                • memcpy.NTDLL(00000001,?,00000004,?,?,00000004,?,00000000,00000004,00000000,058778D0,00000000), ref: 05857490
                                                                                                                • memcpy.NTDLL(?,?,00000004,?,?,?,?,?,?,?,?,?,?,00000000,058778D0,00000000), ref: 058574F7
                                                                                                                • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,058778D0,00000000), ref: 05857578
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$CryptDataFreeLocalUnprotectlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3930812776-0
                                                                                                                • Opcode ID: 1aa38725c95c25efa2fa0f78cb893cfd02cf6298bcbf3829e23a313d42b5e842
                                                                                                                • Instruction ID: e00888cf08aa53f12b42d08d8f02a8c648045181da6fb53effa8b7c3b35cbe73
                                                                                                                • Opcode Fuzzy Hash: 1aa38725c95c25efa2fa0f78cb893cfd02cf6298bcbf3829e23a313d42b5e842
                                                                                                                • Instruction Fuzzy Hash: 1651207190020CAACF04EB94DD99EEE77B8EF54355F504169EE06E7150EB30AF48CBA2
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0585B4ED
                                                                                                                • memset.NTDLL ref: 0585B4F9
                                                                                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0585B517
                                                                                                                • NtResumeThread.NTDLL(?,?), ref: 0585B541
                                                                                                                • CloseHandle.KERNEL32(?), ref: 0585B54A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$CloseCreateHandleProcessResumeThread
                                                                                                                • String ID: C:\Users\user\Desktop\Payload 94.75 (4).225.exe
                                                                                                                • API String ID: 1852171971-889358478
                                                                                                                • Opcode ID: 60a44c4a48cc3e057e01ba8a1acf5dcbb8b73ec1cdff124f7e364c7dc62bf527
                                                                                                                • Instruction ID: d1ac41b414a5a7cb5db2ec77fb44e8f44ac0810adbe7b8aa1aba670936a6a1b5
                                                                                                                • Opcode Fuzzy Hash: 60a44c4a48cc3e057e01ba8a1acf5dcbb8b73ec1cdff124f7e364c7dc62bf527
                                                                                                                • Instruction Fuzzy Hash: B5215A71A012597ADF21BBA99C0DEEF3F7DEF55362F004421FE06E5040EA309A54D6A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: header crc mismatch$incorrect header check$invalid window size$unknown compression method$unknown header flags set
                                                                                                                • API String ID: 0-3633268661
                                                                                                                • Opcode ID: 098fd9058a2ed41e302dc3509e458d0ff87bbd3055ef6a3e3b584fa14e1c5a7f
                                                                                                                • Instruction ID: 44f410eb5d9ce6d4e6aa02471a970339a6c79c98babf90cfa69225031be810fd
                                                                                                                • Opcode Fuzzy Hash: 098fd9058a2ed41e302dc3509e458d0ff87bbd3055ef6a3e3b584fa14e1c5a7f
                                                                                                                • Instruction Fuzzy Hash: BA425770A05709DBDB28CF68C4947AABBF2BF84304F14866DDC969B781D774A984CF81
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0585ED5D: memset.NTDLL ref: 0585ED78
                                                                                                                  • Part of subcall function 0585ED5D: memset.NTDLL ref: 0585EE55
                                                                                                                  • Part of subcall function 0585ED5D: memset.NTDLL ref: 0585EE68
                                                                                                                • memcpy.NTDLL(?,00008F12,0000011E), ref: 0585EFD0
                                                                                                                • memcpy.NTDLL(?,00009032,0000001E,?,00008F12,0000011E), ref: 0585EFE8
                                                                                                                • memset.NTDLL ref: 0585F003
                                                                                                                • memset.NTDLL ref: 0585F051
                                                                                                                • memset.NTDLL ref: 0585F0D0
                                                                                                                • memset.NTDLL ref: 0585F13F
                                                                                                                • memset.NTDLL ref: 0585F20F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: memset$memcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 368790112-0
                                                                                                                • Opcode ID: 9f0a8feb05ee0e71bba243a83a2443e929a27a5c0f499e72282347a0a2fba808
                                                                                                                • Instruction ID: d9c05f8b93dc7b95ac321e46c504f16e9c1034731fb875f6bd491522580773a3
                                                                                                                • Opcode Fuzzy Hash: 9f0a8feb05ee0e71bba243a83a2443e929a27a5c0f499e72282347a0a2fba808
                                                                                                                • Instruction Fuzzy Hash: E8F1EFB0600B99DFDB31CB68C984AAABBF5BF41324F14496DCED6D6681D231AA45CB10
                                                                                                                APIs
                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 05868733
                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 05868748
                                                                                                                • htons.WS2_32(?), ref: 05868763
                                                                                                                • bind.WS2_32(00000000,?,00000010), ref: 05868774
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Startupbindhtonssocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 782376227-0
                                                                                                                • Opcode ID: 31a1b228d8cdb04e6866609a4c38912d6665f7c1f09aa6fe5c8d96e1d1e17e7b
                                                                                                                • Instruction ID: c9bdabc6ed5a810f039ddce4b4ec52ba4ae0edc9ed73969e2c47559ac436019c
                                                                                                                • Opcode Fuzzy Hash: 31a1b228d8cdb04e6866609a4c38912d6665f7c1f09aa6fe5c8d96e1d1e17e7b
                                                                                                                • Instruction Fuzzy Hash: C101D6316606186AEB105BB49C0FFFA7AA8EF00764F040624FD2AE50C0EBB0D540CB52
                                                                                                                APIs
                                                                                                                • CoInitialize.OLE32(00000000), ref: 058578AC
                                                                                                                • CoCreateInstance.OLE32(0587ADB4,00000000,00000001,0587ADC4,00000001,?,?,?,?,?,?,?,?,058579F8,00000000), ref: 058578CA
                                                                                                                • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,058579F8,00000000,?,?,?,05857B10,00000000,00000000), ref: 05857961
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateInitializeInstanceUninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 948891078-0
                                                                                                                • Opcode ID: 9caed928df40bbf90d61c5f65098a3c24c8bd3893ed36f883df4cea0a3877748
                                                                                                                • Instruction ID: c04fa79b67f936f8229003815a863808909590dba3a0a1b9ef9c422785b723f7
                                                                                                                • Opcode Fuzzy Hash: 9caed928df40bbf90d61c5f65098a3c24c8bd3893ed36f883df4cea0a3877748
                                                                                                                • Instruction Fuzzy Hash: 11310871A0435EAFCF01DFE4C8899EDBBB9FF04764F148069ED02E6240D6399A49CB65
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 05858255
                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0585826B
                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 058582A3
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 058582AE
                                                                                                                  • Part of subcall function 0585BD03: lstrcpynW.KERNEL32(?,058580AE,00000104,?,?,00000001), ref: 0585BE1A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: FileFind$CloseFirstHandleNextlstrcpynmemset
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 3845468817-0
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(?,00000000,?), ref: 0584C071
                                                                                                                • memcpy.NTDLL(?,00000010,?), ref: 0584C166
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: memcpy
                                                                                                                 • String ID: BQ`
                                                                                                                 • API String ID: 3510742995-1649249777
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: memcpy
                                                                                                                 • String ID: BQ`
                                                                                                                 • API String ID: 3510742995-1649249777
                                                                                                                APIs
                                                                                                                • NtQueryInformationProcess.NTDLL(?,0000001B,00000000,00000000,00000000), ref: 05862CDB
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • NtQueryInformationProcess.NTDLL(?,0000001B,00000000,00000000,00000000), ref: 05862D04
                                                                                                                  • Part of subcall function 0586674E: _vsnprintf.NTDLL ref: 05866763
                                                                                                                  • Part of subcall function 05863DF7: RtlFreeHeap.NTDLL(00000000,?,0586429E,?,?,?,?,00000000), ref: 05863E03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: HeapInformationProcessQuery$AllocateFree_vsnprintf
                                                                                                                 • String ID: %ws
                                                                                                                 • API String ID: 3826544552-1756730030
                                                                                                                APIs
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,?,00000001,00000001), ref: 05871371
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,?,00000010,00000000), ref: 058713FA
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,?,?,?,?,00000010,00000000), ref: 05871443
                                                                                                                  • Part of subcall function 0587129C: CryptEncrypt.ADVAPI32(?,00000000,00000080,00000000,?,00000080,00000000,00000000,000000FF,00000080,?,00000000,00000000,?,058713E0,?), ref: 058712E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: Crypt$Destroy$Encrypt
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 2813028300-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058697FE: GetProcessHeap.KERNEL32(00000000,0586AA65,?,0586F2F6,00008000,?,0586AA88,0586BDC9,?,0586AA88,00000008,0586AAAC,?,0586AA65,00000008,00000004), ref: 05869806
                                                                                                                  • Part of subcall function 058697FE: RtlAllocateHeap.NTDLL(00000000,?,0586F2F6,00008000,?,0586AA88,0586BDC9,?,0586AA88,00000008,0586AAAC,?,0586AA65,00000008,00000004), ref: 0586980D
                                                                                                                • CryptImportKey.ADVAPI32(00000000,00000000,?,00000000,00000100,?), ref: 05873437
                                                                                                                  • Part of subcall function 058697E7: GetProcessHeap.KERNEL32(00000000,00000000,?,0586E589,00000000,000000B8,00000000,00000000,00000000,?,0586D0AC,00000000,00000000,00000000,0586E54F,00000000), ref: 058697EF
                                                                                                                  • Part of subcall function 058697E7: HeapFree.KERNEL32(00000000,?,0586E589,00000000,000000B8,00000000,00000000,00000000,?,0586D0AC,00000000,00000000,00000000,0586E54F,00000000,00000000), ref: 058697F6
                                                                                                                • CryptCreateHash.ADVAPI32(00000000,00008009,?,00000000,00006602), ref: 05873459
                                                                                                                • CryptSetHashParam.ADVAPI32(00006602,00000005,?,00000000), ref: 05873478
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: Heap$Crypt$HashProcess$AllocateCreateFreeImportParam
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 3776467331-0
                                                                                                                APIs
                                                                                                                • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0585634C
                                                                                                                • LocalFree.KERNEL32(?,?,?,00000000,?), ref: 0585637E
                                                                                                                • memcpy.NTDLL(00000000,?,?,?,?,00000000,?), ref: 0585638F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: CryptDataFreeLocalUnprotectmemcpy
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 878625895-0
                                                                                                                APIs
                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,05865C9C), ref: 05865B55
                                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,05865C9C,?,?,?,?,05865C9C), ref: 05865B6A
                                                                                                                • FreeSid.ADVAPI32(?,?,?,?,?,05865C9C), ref: 05865B7A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 3429775523-0
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(?,?,058341DE,?,?,00000000), ref: 058391A3
                                                                                                                  • Part of subcall function 05865649: GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                  • Part of subcall function 05865649: RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                • memcpy.NTDLL(?,?,?,?,?,00000000), ref: 05839411
                                                                                                                • memcpy.NTDLL(?,00000000,?,?,?,00000000), ref: 058394D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: memcpy$Heap$FreeProcess
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 2997710474-0
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0585FB0A
                                                                                                                • memset.NTDLL ref: 0585FB19
                                                                                                                • memcpy.NTDLL(?,00039272,00000000,?,?,?,?,00007FFF,?,00000000), ref: 0585FBA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                 Joe Sandbox IDA Plugin
                                                                                                                 • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                 • API ID: memset$memcpy
                                                                                                                 • String ID:
                                                                                                                 • API String ID: 368790112-0
                                                                                                                Strings
                                                                                                                • invalid literal/length code, xrefs: 0585046F
                                                                                                                • invalid distance code, xrefs: 05850453
                                                                                                                • invalid distance too far back, xrefs: 05850447
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID:
                                                                                                                • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                                • API String ID: 0-3255898291
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                • API ID:
                                                                                                                • String ID: .$GetProcAddress.$l
                                                                                                                • API String ID: 0-2784972518
                                                                                                                APIs
                                                                                                                • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,?,?,05873384,?,?,00000020,?,?,?,05872F82,?), ref: 058733A4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptHashParam
                                                                                                                • String ID:
                                                                                                                • API String ID: 1839025277-3916222277
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0586E7F4: CryptHashData.ADVAPI32(000000B3,?,?,00000000,?,05872607,00000000,00000000,?,?,0586C510,00000000,0586C510,00000000,00000000,00000000), ref: 0586E805
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,00000000,?,0587A914,?,?,?,?,?,?,?,?,?), ref: 05872374
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,00000000,?,?,?,00000000,?,0587A914,?,?,?,?,?,?,?,?), ref: 058723AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Crypt$Destroy$DataHash
                                                                                                                • String ID:
                                                                                                                • API String ID: 442322009-0
                                                                                                                APIs
                                                                                                                • RtlInitUnicodeString.NTDLL(?,?), ref: 058660CA
                                                                                                                • NtDeleteValueKey.NTDLL(?,?), ref: 058660D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: DeleteInitStringUnicodeValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2965584260-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • NtEnumerateKey.NTDLL(00000000,05879690,00000000,00000000,00000208,00000000), ref: 05865EAE
                                                                                                                • lstrcpyW.KERNEL32(05857D90,00000010,?,058646E1,05879690,80000001,00000000,00000000,?,?,?,0586473B,80000001,05857D90,05879690,00000000), ref: 05865EC9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: AllocateEnumerateHeaplstrcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 2923735597-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • NtEnumerateValueKey.NTDLL(?,00000000,00000000,00000000,00000208,00000208), ref: 05865F0A
                                                                                                                • lstrcpyW.KERNEL32(00000000,0000000C,?,?,0585726C,?,00000000,00000000,?,00000208,?,00000000,058778D0,00000000), ref: 05865F25
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: AllocateEnumerateHeapValuelstrcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 2226612572-0
                                                                                                                APIs
                                                                                                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0586FB1F
                                                                                                                • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0586FB2F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: ContextCryptRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 829835001-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID:
                                                                                                                • String ID: %s: %s$rfbSendUpdateBuf: write
                                                                                                                • API String ID: 0-3966518347
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221118986-0
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2221118986-0
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(?,?,?,?,?,?,?), ref: 05839B2F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: memcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3510742995-0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                • String ID: VUUU
                                                                                                                • API String ID: 3859560861-2040033107
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058726F9: CryptImportKey.ADVAPI32(00000000,05872D5A,00000190,00000000,00000001,00000084,?,05872D5A,00000088,?,?,?,00000000,00000000,00000000), ref: 0587271F
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,?,?,?,?,00000088,?,?,?,00000000,00000000,00000000), ref: 05872DB4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Crypt$DestroyImport
                                                                                                                • String ID:
                                                                                                                • API String ID: 2861546143-0
                                                                                                                APIs
                                                                                                                • CryptEncrypt.ADVAPI32(?,00000000,00000080,00000000,?,00000080,00000000,00000000,000000FF,00000080,?,00000000,00000000,?,058713E0,?), ref: 058712E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CryptEncrypt
                                                                                                                • String ID:
                                                                                                                • API String ID: 1352496322-0
                                                                                                                APIs
                                                                                                                • CryptDestroyKey.ADVAPI32(00000000,00000018,00000098,?,?,?,?,?,?,?), ref: 05872C59
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CryptDestroy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1712904745-0
                                                                                                                APIs
                                                                                                                • CryptDecodeObject.CRYPT32(00000001,00000013,00000010,00000010,00000000,00000018,00000094), ref: 0587157B
                                                                                                                  • Part of subcall function 05871032: CryptImportKey.ADVAPI32(00000000,00000010,00000094,00000000,00000001,00000014,?,05871589,00000018,?,0587161C,?,?,00000000,?,058713D6), ref: 05871058
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Crypt$DecodeImportObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 150989800-0
                                                                                                                APIs
                                                                                                                • GetSystemTime.KERNEL32(?,?,?,00000000,00000000), ref: 0583169A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: SystemTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 2656138-0
                                                                                                                APIs
                                                                                                                • CryptEncrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000010,00000003,?,0587123E,000001FD,00000000,?,00000000,00000047), ref: 058714E3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CryptEncrypt
                                                                                                                • String ID:
                                                                                                                • API String ID: 1352496322-0
                                                                                                                APIs
                                                                                                                • CryptImportKey.ADVAPI32(00000000,05872D5A,00000190,00000000,00000001,00000084,?,05872D5A,00000088,?,?,?,00000000,00000000,00000000), ref: 0587271F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CryptImport
                                                                                                                • String ID:
                                                                                                                • API String ID: 365355273-0
                                                                                                                APIs
                                                                                                                • CryptImportKey.ADVAPI32(00000000,0587154F,0000001C,00000000,00000001,?,?,0587154F,?,?,?,?,?,00000010,00000000), ref: 05871027
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CryptImport
                                                                                                                • String ID:
                                                                                                                • API String ID: 365355273-0
                                                                                                                APIs
                                                                                                                • CryptImportKey.ADVAPI32(00000000,00000010,00000094,00000000,00000001,00000014,?,05871589,00000018,?,0587161C,?,?,00000000,?,058713D6), ref: 05871058
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CryptImport
                                                                                                                • String ID:
                                                                                                                • API String ID: 365355273-0
                                                                                                                APIs
                                                                                                                • NtQueryInformationThread.NTDLL(?,00000000,?,0000001C,?), ref: 05862B65
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InformationQueryThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 741662350-0
                                                                                                                APIs
                                                                                                                • CryptStringToBinaryA.CRYPT32(?,?,058718B3,00000000,?,00000000,00000000), ref: 05871ED1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: BinaryCryptString
                                                                                                                • String ID:
                                                                                                                • API String ID: 80407269-0
                                                                                                                APIs
                                                                                                                • CryptExportKey.ADVAPI32(?,00000000,?,00000000,05872D8C,?,00000080,?,05872B59,05872D94,00000006,00000018,00000080,?,05872D8C), ref: 058726ED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptExport
                                                                                                                • String ID:
                                                                                                                • API String ID: 3389274496-0
                                                                                                                APIs
                                                                                                                • CryptSetKeyParam.ADVAPI32(?,00000004,0587AB24,00000000,?,?,?,058715F9,?,?,?,058710EE,?,0587A960,?,05871200), ref: 058715C3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptParam
                                                                                                                • String ID:
                                                                                                                • API String ID: 613387857-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05873249: CryptDestroyHash.ADVAPI32(000000B4,00000000,0586D0BD,00000000,00000000,0586E57E,00000000,00000000,00000000,?,0586D0AC,00000000,00000000,00000000,0586E54F,00000000), ref: 05873253
                                                                                                                • CryptDuplicateHash.ADVAPI32(?,00000000,00000000,?,?,?,058724EE,000000B3,00000003,?,0587261A,00000000,?,00000000,00000000), ref: 0587250A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptHash$DestroyDuplicate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3797083991-0
                                                                                                                APIs
                                                                                                                • CryptBinaryToStringA.CRYPT32(?,000000FF,?,00000000,?,?,058716B4,4000000C,?,?,00000000,?,?,?), ref: 05871EF5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: BinaryCryptString
                                                                                                                • String ID:
                                                                                                                • API String ID: 80407269-0
                                                                                                                APIs
                                                                                                                • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000000,00000000,00000000,?,0586DAB2,00000000,?,00000014,00000000,00000003,?,05872621,00000000), ref: 0586DAD2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptHashParam
                                                                                                                • String ID:
                                                                                                                • API String ID: 1839025277-0
                                                                                                                APIs
                                                                                                                • CryptCreateHash.ADVAPI32(00000000,?,00000000,00000000,?,?,0586CFA8,00008004,00000000,0586D23F,?,?,05870F3E,?,?,?), ref: 0586DFB1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CreateCryptHash
                                                                                                                • String ID:
                                                                                                                • API String ID: 4184778727-0
                                                                                                                APIs
                                                                                                                • CryptGenRandom.ADVAPI32(00000000,?,?,?,0586ECC5,00000000,?,?,?,00000000), ref: 0586BEEB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptRandom
                                                                                                                • String ID:
                                                                                                                • API String ID: 2662593985-0
                                                                                                                APIs
                                                                                                                • NtFreeVirtualMemory.NTDLL(?,?,?,?), ref: 05863E68
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: FreeMemoryVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 3963845541-0
                                                                                                                APIs
                                                                                                                • CryptHashData.ADVAPI32(000000B3,?,?,00000000,?,05872607,00000000,00000000,?,?,0586C510,00000000,0586C510,00000000,00000000,00000000), ref: 0586E805
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptDataHash
                                                                                                                • String ID:
                                                                                                                • API String ID: 4245837645-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05873249: CryptDestroyHash.ADVAPI32(000000B4,00000000,0586D0BD,00000000,00000000,0586E57E,00000000,00000000,00000000,?,0586D0AC,00000000,00000000,00000000,0586E54F,00000000), ref: 05873253
                                                                                                                • CryptDestroyKey.ADVAPI32(?,?,05872F8A,?,?,?), ref: 0587326F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptDestroy$Hash
                                                                                                                • String ID:
                                                                                                                • API String ID: 101140002-0
                                                                                                                APIs
                                                                                                                • CryptDestroyKey.ADVAPI32(?,00000000,0586D0D7,00000000,00000000,0586E57E,00000000,00000000,00000000,?,0586D0AC,00000000,00000000,00000000,0586E54F,00000000), ref: 0586D718
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptDestroy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1712904745-0
                                                                                                                APIs
                                                                                                                • CryptDestroyHash.ADVAPI32(000000B4,00000000,0586D0BD,00000000,00000000,0586E57E,00000000,00000000,00000000,?,0586D0AC,00000000,00000000,00000000,0586E54F,00000000), ref: 05873253
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CryptDestroyHash
                                                                                                                APIs
                                                                                                                • bind.WS2_32(?,?,00000010), ref: 058514B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: bind
                                                                                                                APIs
                                                                                                                • bind.WS2_32(?,?,00000010), ref: 05851439
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: bind
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • String ID: invalid block type
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                • String ID: 4nF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 98b19c1a4816f7edfba6bd68d9bd69fd77fc84e71983e348ca98d9413aa5a774
                                                                                                                • Instruction ID: 8ef8454da85178aec627725c4956d5ccbbaea0456cc5f1c7a0e7ac7d86a351f9
                                                                                                                • Opcode Fuzzy Hash: 98b19c1a4816f7edfba6bd68d9bd69fd77fc84e71983e348ca98d9413aa5a774
                                                                                                                • Instruction Fuzzy Hash: D451A634A082899FDF05CFA8C0945ED7FB5EF99225F2540A9DC91EB256D2309A81CF51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 90d1297e77af77204435bfbc872a4d7cdc4d7c511e86146db4d2b9029f5e7a7b
                                                                                                                • Instruction ID: 577527a30ca83885b86d1d903ad7debb05eeae5f0795041e4264fb35a4d2c947
                                                                                                                • Opcode Fuzzy Hash: 90d1297e77af77204435bfbc872a4d7cdc4d7c511e86146db4d2b9029f5e7a7b
                                                                                                                • Instruction Fuzzy Hash: 6231C2753107149FE754EA79C8D6D3BB3EABB88A20711081CED42CBA40DA74FD019BA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 87f59c1c7c3ecf9a0af1f78098841de39ca9d3c1a446f2d2516245292740385a
                                                                                                                • Instruction ID: d6b9cbcba9efa3e0ca80b0d464fe5cc768f8ddffd9d68f8e1ef2b551ee8ac043
                                                                                                                • Opcode Fuzzy Hash: 87f59c1c7c3ecf9a0af1f78098841de39ca9d3c1a446f2d2516245292740385a
                                                                                                                • Instruction Fuzzy Hash: C231C2753107149FE754EA79C8D6D3BB3EABB88A20711081CED42CBA40DA74FD019BA2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5f912319ff9c8c655cc34163ebbe8f761f96949538f857947bf47b8d20d459b4
                                                                                                                • Instruction ID: 5eae0a80618e02d3ea769689f06af05396e65e296b8d0bc04d6e376427f854b3
                                                                                                                • Opcode Fuzzy Hash: 5f912319ff9c8c655cc34163ebbe8f761f96949538f857947bf47b8d20d459b4
                                                                                                                • Instruction Fuzzy Hash: 8621C275A71A9307DBA59D38C8D877263D0EB89701F980634CF45C3686D268EA31DA80
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2506816323.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_400000_Payload 94.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 551728ee6668e5cca437cc58b12834ef9ccdc90cd0a8851efa0da54a7cb805df
                                                                                                                • Instruction ID: defdff1b5bcdad1ca18b336c03e0451096d03510992665be7e3f440dc5ab7c83
                                                                                                                • Opcode Fuzzy Hash: 551728ee6668e5cca437cc58b12834ef9ccdc90cd0a8851efa0da54a7cb805df
                                                                                                                • Instruction Fuzzy Hash: 1621AE3A7114119BD70CCF28ECA252977A2B349310706403FD557E72E0EAB5A911CB8D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8d6602b420c2822211a4aba2fb6d3140222810ca5e52a7c142792df6bcebaf7e
                                                                                                                • Instruction ID: ee19e5d1527bea9a365c6fa96b0d173419360791aa25a5bcde0b16170d6d4cb8
                                                                                                                • Opcode Fuzzy Hash: 8d6602b420c2822211a4aba2fb6d3140222810ca5e52a7c142792df6bcebaf7e
                                                                                                                • Instruction Fuzzy Hash: 4C21C372D10258ABDF04DF5AD845BADBBB6FB88300F55C06AFD45EB141EB70AA019B80
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509423119.00000000053E9000.00000040.00000020.00020000.00000000.sdmp, Offset: 053E9000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_53e9000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                • Instruction ID: 79417c75631d8e4864038356a3bf4cd99b7aaed4c3b17020461a4aa608ca3956
                                                                                                                • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                • Instruction Fuzzy Hash: EC118E73340111AFDB54DF55DC81FA673EAFB8D2A0B1980A5ED09CB352D675E802C760
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 06724dd658b0095f56711ede878f4c849e920b14dd78879be8855f379999854b
                                                                                                                • Instruction ID: f4efcd1c9fd9b37b8562821d97688734935828b1df673cbdcdc2d3a0b022d168
                                                                                                                • Opcode Fuzzy Hash: 06724dd658b0095f56711ede878f4c849e920b14dd78879be8855f379999854b
                                                                                                                • Instruction Fuzzy Hash: EC219C32C198F18EDB818F75905D069FFEEAE4A22175F44C1EE826F291D730B911D7A1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509245363.0000000005340000.00000040.00001000.00020000.00000000.sdmp, Offset: 05340000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5340000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
                                                                                                                • Instruction ID: fa92fa540dea63d83b6a6488a6d14ac8356e969d8533a4eb9aa347867d586fba
                                                                                                                • Opcode Fuzzy Hash: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
                                                                                                                • Instruction Fuzzy Hash: 86F0C27AB105049FDB25CF24C809FAE73F9FB86216F0441A4DA0ADB241D770F94A8F90
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 286d76b6b50faac6763b4ecd2da1bfcdc0cc6fc6ad806f86dc9d7fcae46ef3c1
                                                                                                                • Instruction ID: 5c88306a143508502dd682679ada8cb7eb31c5700cc01c04703214da4e2c3e2c
                                                                                                                • Opcode Fuzzy Hash: 286d76b6b50faac6763b4ecd2da1bfcdc0cc6fc6ad806f86dc9d7fcae46ef3c1
                                                                                                                • Instruction Fuzzy Hash: A3E08C37128650CFDB619B68F804E92B3E5FF01270F1A88A9ED89D7420D370FC80CA80
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 010ee827c54189a1bbbb01467599cdf112c3ffee6e5d13d9bd03ac654865923b
                                                                                                                • Instruction ID: 1f1ff156aea0bdc1ddaba6650f5ecaa3adf10111c5c19ebeceef9c030ea8e95a
                                                                                                                • Opcode Fuzzy Hash: 010ee827c54189a1bbbb01467599cdf112c3ffee6e5d13d9bd03ac654865923b
                                                                                                                • Instruction Fuzzy Hash: 32C002B9219540CBC34DDF04D4A0964F3B6FB8C724F24899DE88B47781CB36A853CE05
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: CompressLevel0$CompressLevel1$CompressLevel2$CompressLevel3$CompressLevel4$CompressLevel5$CompressLevel6$CompressLevel7$CompressLevel8$CompressLevel9$Enc(0x%08X)$LastRect$LedState$NewFBSize$PointerPos$QualityLevel0$QualityLevel1$QualityLevel2$QualityLevel3$QualityLevel4$QualityLevel5$QualityLevel6$QualityLevel7$QualityLevel8$QualityLevel9$RRE$RichCursor$ServerIdentify$SupportedEncoding$SupportedMessage$Xcursor$ZRLE$ZYWRLE$cache$cacheEnable$cacheZip$copyRect$error$monoZip$raw$solidColor$tight$tightPng$ultra$ultraZip$xorColorZlib$xorEnable$xorMonoZlib$xorZlib$zlibhex
                                                                                                                • API String ID: 0-2159046532
                                                                                                                • Opcode ID: a4611c454c3fbe9f94655c8c4968de2b65d275ea39fea8052b202d1de0e10c6a
                                                                                                                • Instruction ID: b28b8405df8eb2609d609349222c4a8d3e0e82e2636e9fcc7d61cba64f631c59
                                                                                                                • Opcode Fuzzy Hash: a4611c454c3fbe9f94655c8c4968de2b65d275ea39fea8052b202d1de0e10c6a
                                                                                                                • Instruction Fuzzy Hash: DE91A3E5B8672022E665211D3C17FD921894BA190AF094060FF0CFD38AE6BD9E5625DF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ClientCutText$FileTransfer$FixColourMapEntries$FramebufferUpdate$KeyEvent$PalmVNCSetScale$PointerEvent$SetEncodings$SetPixelFormat$SetScale$SetServerInput$SetSingleWindow$TextChat$XvpClientMessage$cli2svr-0x%08X$error
                                                                                                                • API String ID: 0-3425406842
                                                                                                                APIs
                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 058538EB
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000E), ref: 058538FD
                                                                                                                • GetDeviceCaps.GDI32(?,0000000C), ref: 05853906
                                                                                                                • DeleteDC.GDI32(?), ref: 0585390E
                                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 05853942
                                                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 0585399F
                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 058539A9
                                                                                                                • GetStockObject.GDI32(0000000F), ref: 058539BE
                                                                                                                • GetDC.USER32(00000000), ref: 058539D4
                                                                                                                • SelectPalette.GDI32(00000000,?,00000000), ref: 058539E2
                                                                                                                • RealizePalette.GDI32(?), ref: 058539EA
                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 05853A03
                                                                                                                • SelectPalette.GDI32(?,?,00000001), ref: 05853A16
                                                                                                                • RealizePalette.GDI32(?), ref: 05853A1B
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 05853A25
                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,08000080,00000000), ref: 05853A3D
                                                                                                                • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 05853A81
                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 05853A8F
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 05853A94
                                                                                                                • GlobalFree.KERNEL32(?), ref: 05853A9D
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05853AA6
                                                                                                                Similarity
                                                                                                                • API ID: GlobalPalette$File$CapsCreateDeviceObjectRealizeSelectWrite$AllocBitsCloseDeleteFreeHandleLockReleaseStockUnlock
                                                                                                                • String ID: ($6$DISPLAY
                                                                                                                • API String ID: 3380349365-2676095719
                                                                                                                APIs
                                                                                                                • select.WS2_32(?,?,00000000,00000000,?), ref: 05835FE4
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05836019
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 058360A6
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05836136
                                                                                                                • recvfrom.WS2_32(?,?,00000001,00000002,05831709,00000010), ref: 0583617C
                                                                                                                • __WSAFDIsSet.WS2_32(?,00000000), ref: 05836338
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 0583634C
                                                                                                                Similarity
                                                                                                                • API ID: recvfromselect
                                                                                                                • String ID: %s: %s$rfbCheckFds: UDP: connect$rfbCheckFds: UDP: got connection$rfbCheckFds: UDP: recvfrom$rfbCheckFds: select$rfbNewUDPConnection: write
                                                                                                                • API String ID: 2601191967-1366590583
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: memset$strlen$sprintf
                                                                                                                • String ID: DATA$MAIL FROM:<%s>$QUIT$RCPT TO:<%s>
                                                                                                                • API String ID: 1633972073-3346415342
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Bell$FileTransfer$FramebufferUpdate$PalmVNCReSize$ResizeFrameBuffer$ServerCutText$SetColourMapEntries$TextChat$XvpServerMessage$error$svr2cli-0x%08X
                                                                                                                • API String ID: 0-1650017442
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0585BC90: memset.NTDLL ref: 0585BCAC
                                                                                                                • getpeername.WS2_32 ref: 05831B0B
                                                                                                                • inet_ntoa.WS2_32(?), ref: 05831B16
                                                                                                                • memcpy.NTDLL(00000000,?,?,?,00000001,05857FB3), ref: 05831B4D
                                                                                                                • ioctlsocket.WS2_32 ref: 05831BD8
                                                                                                                • WSAGetLastError.WS2_32 ref: 05831BE3
                                                                                                                • closesocket.WS2_32(00000000), ref: 05831C06
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastclosesocketgetpeernameinet_ntoaioctlsocketmemcpymemset
                                                                                                                • String ID: %s$ other clients:$ accepted UDP client$%s: %s$RFB %03d.%03d$Setting socket to non-blocking failed$rfbNewClient: write$setsockopt failed
                                                                                                                • API String ID: 3487430481-2029152082
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,00000000), ref: 058569C4
                                                                                                                • GetProcAddress.KERNEL32(00000000,NSS_Init), ref: 058569E2
                                                                                                                • GetProcAddress.KERNEL32(00000000,NSS_Shutdown), ref: 058569ED
                                                                                                                • GetProcAddress.KERNEL32(00000000,PL_ArenaFinish), ref: 058569F8
                                                                                                                • GetProcAddress.KERNEL32(00000000,PR_Cleanup), ref: 05856A03
                                                                                                                • GetProcAddress.KERNEL32(00000000,PK11_GetInternalKeySlot), ref: 05856A0E
                                                                                                                • GetProcAddress.KERNEL32(00000000,PK11_FreeSlot), ref: 05856A19
                                                                                                                • GetProcAddress.KERNEL32(00000000,PK11SDR_Decrypt), ref: 05856A24
                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 05856A53
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                • String ID: NSS_Init$NSS_Shutdown$PK11SDR_Decrypt$PK11_FreeSlot$PK11_GetInternalKeySlot$PL_ArenaFinish$PR_Cleanup
                                                                                                                • API String ID: 2449869053-288527352
                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(0010043A,00000000,0583F0FB), ref: 05842C04
                                                                                                                • GetProcessHandleCount.KERNEL32(00000000,?), ref: 05842C1A
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 05842C41
                                                                                                                  • Part of subcall function 05842010: VirtualAllocEx.KERNEL32(00000000,?,?,00003000,00000040,00000000,05842C69), ref: 05842021
                                                                                                                  • Part of subcall function 05842010: VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 05842031
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 05842C74
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 05842C7A
                                                                                                                  • Part of subcall function 05842040: GetCurrentProcess.KERNEL32(00000000), ref: 05842051
                                                                                                                  • Part of subcall function 05842040: VirtualFreeEx.KERNEL32(00000000,00000000,?,00004000,00000000), ref: 058420B7
                                                                                                                  • Part of subcall function 05842040: VirtualFreeEx.KERNEL32(00000000,00000000,00000000,00008000), ref: 058420C6
                                                                                                                • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?,?), ref: 05842D15
                                                                                                                • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 05842D85
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,00000000,?,00004000,?,?,?,?,?,?,?,00000000,?), ref: 05842DA3
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,00000000,00000000,00008000,?,?,?,?,?,?,?,00000000,?), ref: 05842DB2
                                                                                                                Similarity
                                                                                                                • API ID: Virtual$Process$Free$Handle$AllocCloseCurrent$CountCreateMemoryOpenRemoteThreadWrite
                                                                                                                • String ID: d
                                                                                                                • API String ID: 1541768841-2564639436
                                                                                                                APIs
                                                                                                                • select.WS2_32(?,?,00000000,00000000,00000000), ref: 05836529
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05836563
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05836580
                                                                                                                • accept.WS2_32(00000000,?,00000010), ref: 05836598
                                                                                                                • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 058365C2
                                                                                                                • WSAGetLastError.WS2_32 ref: 058365CD
                                                                                                                • closesocket.WS2_32(00000000), ref: 058365ED
                                                                                                                • setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 05836605
                                                                                                                • inet_ntoa.WS2_32(?), ref: 05836620
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastacceptclosesocketinet_ntoaioctlsocketselectsetsockopt
                                                                                                                • String ID: %s: %s$Got connection from client %s$Setting socket to non-blocking failed$rfbCheckFds: accept$rfbCheckFds: setsockopt$rfbProcessNewConnection: error in select
                                                                                                                APIs
                                                                                                                • TryEnterCriticalSection.KERNEL32(058EDBD4), ref: 0585C28E
                                                                                                                • GetForegroundWindow.USER32 ref: 0585C2C1
                                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 0585C2CE
                                                                                                                • GetWindowTextA.USER32(00000000,?,00000800), ref: 0585C2FD
                                                                                                                • strcmp.NTDLL ref: 0585C31A
                                                                                                                • memset.NTDLL ref: 0585C37E
                                                                                                                • MapVirtualKeyW.USER32(00000000,00000000), ref: 0585C394
                                                                                                                • ToAscii.USER32(?,00000000), ref: 0585C39D
                                                                                                                • isprint.NTDLL ref: 0585C3AC
                                                                                                                • LeaveCriticalSection.KERNEL32(058EDBD4), ref: 0585C405
                                                                                                                • CallNextHookEx.USER32(00000000,?,?,?), ref: 0585C413
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Window$CriticalSection$AsciiCallEnterForegroundHookLeaveNextProcessTextThreadVirtualisprintmemsetstrcmp
                                                                                                                • String ID: [BACKSPACE]$[DELETE]$[RETURN]$[TAB]
                                                                                                                APIs
                                                                                                                • SHGetFolderPathAndSubDirW.SHELL32(00000000,0000001A,00000000,00000000,Mozilla\Firefox\,?,00000001), ref: 05858431
                                                                                                                • GetPrivateProfileIntW.KERNEL32(General,StartWithLastProfile,00000000,?), ref: 05858478
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                • GetPrivateProfileIntW.KERNEL32(?,IsRelative,00000001,?), ref: 058584AC
                                                                                                                • GetPrivateProfileStringW.KERNEL32(?,Path,00000000,?,00000104,?), ref: 058584CE
                                                                                                                  • Part of subcall function 0585BD03: lstrcpynW.KERNEL32(?,058580AE,00000104,?,?,00000001), ref: 0585BE1A
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: PrivateProfile$FolderPathString_vsnwprintflstrcpyn
                                                                                                                • String ID: General$IsRelative$Mozilla\Firefox\$Path$Profile%d$StartWithLastProfile$cookies.*$cookies.*$profiles.ini
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865D6A: NtCreateKey.NTDLL(00000001,?,?,00000000,00000000,00000000,00000000), ref: 05865D93
                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0586699D
                                                                                                                • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 058669B2
                                                                                                                • CloseHandle.KERNEL32(?), ref: 058669D9
                                                                                                                • CloseHandle.KERNEL32(?), ref: 058669E0
                                                                                                                • ResetEvent.KERNEL32(?), ref: 05866A04
                                                                                                                • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,?,00000001), ref: 05866A14
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 05866A1D
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05866A31
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05866A34
                                                                                                                • ExitThread.KERNEL32 ref: 05866A38
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe, xrefs: 058669EF
                                                                                                                • 34fbdedc, xrefs: 058669F4
                                                                                                                • \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 05866979
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$ChangeCreateEventNotifyValue$ExitObjectResetSingleThreadWait
                                                                                                                • String ID: 34fbdedc$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe$\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(05857931,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 058560F6
                                                                                                                • WriteFile.KERNEL32(0587789C,05857931,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856105
                                                                                                                • WriteFile.KERNEL32(0587789C,05877720,00000001,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000), ref: 05856116
                                                                                                                • lstrlenA.KERNEL32(?,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856120
                                                                                                                • WriteFile.KERNEL32(0587789C,?,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856129
                                                                                                                • WriteFile.KERNEL32(0587789C,05877724,00000001,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000), ref: 0585613A
                                                                                                                • lstrlenA.KERNEL32(058575FD,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856144
                                                                                                                • WriteFile.KERNEL32(0587789C,058575FD,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 0585614D
                                                                                                                • WriteFile.KERNEL32(0587789C,05877728,00000001,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000), ref: 0585615E
                                                                                                                • lstrlenA.KERNEL32(?,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856168
                                                                                                                • WriteFile.KERNEL32(0587789C,?,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856171
                                                                                                                • WriteFile.KERNEL32(0587789C,0587772C,00000001,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000), ref: 05856182
                                                                                                                • lstrlenA.KERNEL32(?,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 0585618C
                                                                                                                • WriteFile.KERNEL32(0587789C,?,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000,00000000), ref: 05856195
                                                                                                                • WriteFile.KERNEL32(0587789C,05877730,00000001,00000000,00000000,?,?,?,?,?,058575FD,05857931,0587789C,00000000,00000000,00000000), ref: 058561A6
                                                                                                                Similarity
                                                                                                                • API ID: FileWrite$lstrlen
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000104,00000000,00000000), ref: 05859BFA
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 05859C0D
                                                                                                                  • Part of subcall function 058628FA: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000080,00000000,05859C17,?), ref: 0586290C
                                                                                                                  • Part of subcall function 058628FA: GetLastError.KERNEL32 ref: 05862917
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 05859C24
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 05859C31
                                                                                                                  • Part of subcall function 058628FA: CloseHandle.KERNEL32(00000000), ref: 05862926
                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 05859C48
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 05859C55
                                                                                                                • lstrcpyA.KERNEL32(00000000,00000020), ref: 05859C7B
                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,00000000), ref: 05859C96
                                                                                                                • lstrcatA.KERNEL32(?,00000000), ref: 05859CA3
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000104), ref: 05859CB5
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 05859CD7
                                                                                                                • lstrcatA.KERNEL32(?,05877B34), ref: 05859CE1
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 05859CE7
                                                                                                                • lstrcatA.KERNEL32(?,05877B38), ref: 05859CF1
                                                                                                                Similarity
                                                                                                                • API ID: lstrcat$EnvironmentExpandStrings$FolderHeapPath$AllocateCloseCreateErrorFileHandleLastProcesslstrcpy
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • memset.NTDLL ref: 05860FC3
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessmemset
                                                                                                                • String ID: )$A$D$D$G$H$I$I$N$P$R$T
                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 05861A2D
                                                                                                                • GetDC.USER32(00000000), ref: 05861A34
                                                                                                                • CreateCompatibleDC.GDI32 ref: 05861A60
                                                                                                                • CreateCompatibleBitmap.GDI32(00000001,00000001), ref: 05861A7D
                                                                                                                • memset.NTDLL ref: 05861A9C
                                                                                                                • GetDIBits.GDI32(00000000,00000001,00000000,058EDC68,00000000,058680D1,05857FB3), ref: 05861ACE
                                                                                                                • GetDIBits.GDI32(00000000,00000001,00000000,058EDC68,00000000), ref: 05861AEA
                                                                                                                • abs.NTDLL ref: 05861B2C
                                                                                                                • DeleteObject.GDI32 ref: 05861B3D
                                                                                                                • GetDeviceCaps.GDI32(00000026), ref: 05861B57
                                                                                                                • CreateDIBSection.GDI32(058EDC68,00000000,058EE09C,00000000,00000000), ref: 05861B97
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 05861BBB
                                                                                                                • DeleteObject.GDI32(00000000), ref: 05861BCB
                                                                                                                • DeleteObject.GDI32(00000000), ref: 05861BD7
                                                                                                                  • Part of subcall function 058618A6: GetSystemMetrics.USER32(00000000), ref: 058618AF
                                                                                                                  • Part of subcall function 058618A6: GetSystemMetrics.USER32(00000001), ref: 058618B8
                                                                                                                  • Part of subcall function 058618A6: GetDeviceCaps.GDI32(0000000C), ref: 058618DA
                                                                                                                  • Part of subcall function 058618A6: GetDeviceCaps.GDI32(00000018), ref: 058618E9
                                                                                                                  • Part of subcall function 058618A6: GetDeviceCaps.GDI32(00000026), ref: 058618F8
                                                                                                                  • Part of subcall function 058618A6: GetDeviceCaps.GDI32(00000068), ref: 05861910
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$CreateDeleteObject$BitsCompatibleMetricsSystem$BitmapDesktopReleaseSectionWindowmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2768485202-0
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00004000,?,?,?), ref: 058434F3
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 05843500
                                                                                                                • Sleep.KERNEL32(00000032), ref: 05843512
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00004000), ref: 0584351B
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 05843522
                                                                                                                • __WSAFDIsSet.WS2_32(00000000,?), ref: 058435D3
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 058435EB
                                                                                                                • __WSAFDIsSet.WS2_32(00000000,?), ref: 05843600
                                                                                                                • recv.WS2_32(00000000,00000000,00004000,00000000), ref: 05843611
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05843643
                                                                                                                • recv.WS2_32(?,00000000,00004000,00000000), ref: 05843657
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 05843690
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 05843697
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Allocrecv$FreeSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 4150791310-0
                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 05853AC6
                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 05853ACD
                                                                                                                • GetDesktopWindow.USER32 ref: 05853AF1
                                                                                                                • GetDC.USER32(00000000), ref: 05853AFB
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 05853B07
                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,00000300), ref: 05853B15
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 05853B22
                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,00000300,00000000,00000000,00000000,?,?,40CC0020), ref: 05853B3F
                                                                                                                • memset.NTDLL ref: 05853B73
                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000300,00000036,0000000E,00000000), ref: 05853BC0
                                                                                                                • ReleaseDC.USER32(?,?), ref: 05853BE6
                                                                                                                • DeleteDC.GDI32(?), ref: 05853BEF
                                                                                                                • DeleteObject.GDI32(?), ref: 05853BF8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CompatibleCreateDeleteMetricsObjectSystem$BitmapBitsDesktopReleaseSelectStretchWindowmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 503116900-0
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,0585803F,0585803B,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418,00000000,00000000,?), ref: 0585AF02
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlCompressBuffer), ref: 0585AF16
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlGetCompressionWorkSpaceSize), ref: 0585AF23
                                                                                                                • strchr.NTDLL ref: 0585AF31
                                                                                                                • strlen.NTDLL ref: 0585AF43
                                                                                                                • memcpy.NTDLL(058ED758,?,00000000,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418,00000000,00000000,?), ref: 0585AF59
                                                                                                                • atoi.NTDLL ref: 0585AF66
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,0585AD39,00000000,00000000,00000000), ref: 0585AF93
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$CreateHandleModuleThreadatoimemcpystrchrstrlen
                                                                                                                • String ID: RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$ntdll.dll
                                                                                                                • API String ID: 744767331-3740416968
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000104,00000000,00000000), ref: 0585A21C
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 0585A22F
                                                                                                                  • Part of subcall function 058628FA: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000080,00000000,05859C17,?), ref: 0586290C
                                                                                                                  • Part of subcall function 058628FA: GetLastError.KERNEL32 ref: 05862917
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 0585A246
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 0585A253
                                                                                                                  • Part of subcall function 058628FA: CloseHandle.KERNEL32(00000000), ref: 05862926
                                                                                                                • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0585A26A
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 0585A277
                                                                                                                • lstrcpyA.KERNEL32(00000000,?), ref: 0585A29D
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 0585A2D3
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 0585A2F2
                                                                                                                • lstrcatA.KERNEL32(?,05877B44), ref: 0585A2FC
                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 0585A302
                                                                                                                • lstrcatA.KERNEL32(?,05877B48), ref: 0585A30C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: lstrcat$EnvironmentExpandStrings$Heap$AllocateCloseCreateErrorFileFolderHandleLastPathProcesslstrcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3532340527-0
                                                                                                                APIs
                                                                                                                • strcmp.NTDLL ref: 05856497
                                                                                                                • strcpy.NTDLL ref: 058564BA
                                                                                                                • strlen.NTDLL ref: 058564A4
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • strcmp.NTDLL ref: 058564CA
                                                                                                                • strlen.NTDLL ref: 058564D7
                                                                                                                • strcpy.NTDLL ref: 058564ED
                                                                                                                • strcmp.NTDLL ref: 05856503
                                                                                                                  • Part of subcall function 0585631E: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0585634C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: strcmp$Heapstrcpystrlen$AllocateCryptDataProcessUnprotect
                                                                                                                • String ID: C$H$origin_url$password_value$username_value
                                                                                                                • API String ID: 2836145645-2265250071
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,0583E456,00000010,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FE85
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583FE8E
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,00000104,00000004,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FEB7
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583FEBA
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,058F1800,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FED4
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583FED7
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,?,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FF16
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583FF1D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: RtlComputeCrc32$ntdll.dll
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(%APPDATA%,00000000,00000104,05856FC2,00000000,00000000,?,05857B10,00000000,00000000,00000000,00000000,?,05857D86), ref: 05856A8D
                                                                                                                  • Part of subcall function 0586674E: _vsnprintf.NTDLL ref: 05866763
                                                                                                                • GetPrivateProfileStringA.KERNEL32(Profile0,Path,05877723,00000000,00000104,00000000), ref: 05856AB5
                                                                                                                • strlen.NTDLL ref: 05856ACA
                                                                                                                • memcpy.NTDLL(00000000,00000000,00000001,00000001,00000000,00000000,00000104,%s\Mozilla\Firefox\%s,00000000,00000000), ref: 05856ADF
                                                                                                                  • Part of subcall function 05865649: GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                  • Part of subcall function 05865649: RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 05856AFD
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$AllocateAttributesEnvironmentExpandFileFreePrivateProfileStringStrings_vsnprintfmemcpystrlen
                                                                                                                • String ID: %APPDATA%$%s\Mozilla\Firefox\%s$%s\Mozilla\Firefox\profiles.ini$Path$Profile0
                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,?,?,?,00000000,?,?,?,?,?,?), ref: 0583ED93
                                                                                                                • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 0583EDB0
                                                                                                                • CloseHandle.KERNEL32(?), ref: 0583EDC7
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,LoadLibraryA), ref: 0583EDE3
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583EDEC
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetProcAddress), ref: 0583EDFB
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583EDFE
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Handle$AddressModuleProcProcess$CloseOpenTimes
                                                                                                                • String ID: GetProcAddress$LoadLibraryA$kernel32.dll
                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000,05856605,00000001,00000000,00000000,00000000,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10), ref: 058562B5
                                                                                                                • GetProcAddress.KERNEL32(00000000,sqlite3_open), ref: 058562D0
                                                                                                                • GetProcAddress.KERNEL32(00000000,sqlite3_busy_timeout), ref: 058562DB
                                                                                                                • GetProcAddress.KERNEL32(00000000,sqlite3_exec), ref: 058562E6
                                                                                                                • GetProcAddress.KERNEL32(00000000,sqlite3_close), ref: 058562F1
                                                                                                                • FreeLibrary.KERNEL32(00000000,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000,00000000), ref: 05856314
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                • String ID: sqlite3_busy_timeout$sqlite3_close$sqlite3_exec$sqlite3_open
                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,00000000,0000000F,00000000,?,?,0583ED5A), ref: 0583EAE5
                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,0583ED5A), ref: 0583EAFF
                                                                                                                • GetTokenInformation.ADVAPI32(?,00000019(TokenIntegrityLevel),00000000,00000000,0583ED5A,?,?,?,0583ED5A), ref: 0583EB22
                                                                                                                • GetLastError.KERNEL32(?,?,0583ED5A), ref: 0583EB28
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0583E683,?,00000000), ref: 058454DB
                                                                                                                  • Part of subcall function 058454D0: RtlAllocateHeap.NTDLL(00000000), ref: 058454E4
                                                                                                                  • Part of subcall function 058454D0: Sleep.KERNEL32(00000032), ref: 058454F2
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 058454FB
                                                                                                                  • Part of subcall function 058454D0: HeapAlloc.KERNEL32(00000000), ref: 058454FE
                                                                                                                • GetTokenInformation.ADVAPI32(?,00000019(TokenIntegrityLevel),00000000,0583ED5A,0583ED5A,?,?,0583ED5A), ref: 0583EB50
                                                                                                                • GetSidSubAuthorityCount.ADVAPI32(?,?,?,0583ED5A), ref: 0583EB59
                                                                                                                • GetSidSubAuthority.ADVAPI32(?,00000000,?,?,?,0583ED5A), ref: 0583EB6A
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,?,?,?,0583ED5A), ref: 0583EB75
                                                                                                                • HeapFree.KERNEL32(00000000,?,00000000,?,?,?,0583ED5A), ref: 0583EB7C
                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,?,?,?,0583ED5A), ref: 0583EB86
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,0583ED5A), ref: 0583EB91
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Token$AuthorityCloseHandleInformationOpen$AllocAllocateCountErrorFreeLastSleep
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                  • Part of subcall function 05864690: lstrcpyW.KERNEL32(00000000,05857D90,80000001,?,?,?,0586473B,80000001,05857D90,05879690,00000000), ref: 058646AB
                                                                                                                  • Part of subcall function 05864690: lstrcatW.KERNEL32(00000000,0587968C,?,?,?,0586473B,80000001,05857D90,05879690,00000000), ref: 058646B7
                                                                                                                  • Part of subcall function 05864690: lstrlenW.KERNEL32(00000000,?,?,?,0586473B,80000001,05857D90,05879690,00000000), ref: 058646BE
                                                                                                                • wcslen.NTDLL ref: 058648CD
                                                                                                                • __fprintf_l.LIBCMT ref: 05864910
                                                                                                                • strcmp.NTDLL ref: 05864927
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap__fprintf_llstrcatlstrcpylstrlenstrcmpwcslen
                                                                                                                • String ID: Bitness$Software\Microsoft\Office$\Outlook$x64$x86
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05836B10: htons.WS2_32(058680E7), ref: 05836B31
                                                                                                                  • Part of subcall function 05836B10: inet_addr.WS2_32(05857FB3), ref: 05836B3C
                                                                                                                  • Part of subcall function 05836B10: htonl.WS2_32(000000FF), ref: 05836B47
                                                                                                                  • Part of subcall function 05836B10: gethostbyname.WS2_32(05857FB3), ref: 05836B53
                                                                                                                • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 058367A7
                                                                                                                • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,0585803B,?,?,05863418,00000000,00000000,?,00000001), ref: 058367B2
                                                                                                                • closesocket.WS2_32(00000000), ref: 058367D2
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastclosesocketgethostbynamehtonlhtonsinet_addrioctlsocket
                                                                                                                • String ID: %s: %s$Making connection to client on host %s port %d$Setting socket to non-blocking failed$connection failed$setsockopt failed
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: memset$strlen
                                                                                                                • String ID: AUTH LOGIN$EHLO Here
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,05836415,?,00000000,00000000), ref: 05832D98
                                                                                                                • select.WS2_32(?,00000000,?,00000000,?), ref: 05832E0B
                                                                                                                • WSAGetLastError.WS2_32 ref: 05832E1D
                                                                                                                • recv.WS2_32(?,?,00002000,00000000), ref: 05832E50
                                                                                                                Strings
                                                                                                                • rfbSendFileTransferChunk() select failed: %d, xrefs: 05832E20
                                                                                                                • rfbSendFileTransferChunk(): %d, xrefs: 05832EE3
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast_chkstkrecvselect
                                                                                                                • String ID: rfbSendFileTransferChunk() select failed: %d$rfbSendFileTransferChunk(): %d
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05842F70: _stricmp.NTDLL(00000000,00000000,Function_0004B59A,?,00000000,?,?,?,05847B8C,?,?,05843EB6,connection), ref: 05842FB2
                                                                                                                • _stricmp.NTDLL(00000000,gzip,?,?,?,00000000,00000000), ref: 05843B7D
                                                                                                                • EnterCriticalSection.KERNEL32(058F1794,?,?,?,00000000,00000000), ref: 05843BA4
                                                                                                                • LeaveCriticalSection.KERNEL32(058F1794,00000000), ref: 05843BD0
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection_stricmp$EnterLeave
                                                                                                                • String ID: Content-Encoding$Content-Length$Transfer-Encoding$chunked$gzip
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05842F70: _stricmp.NTDLL(00000000,00000000,Function_0004B59A,?,00000000,?,?,?,05847B8C,?,?,05843EB6,connection), ref: 05842FB2
                                                                                                                • atoi.NTDLL ref: 0584781A
                                                                                                                • _stricmp.NTDLL(00000000,gzip,?,0584326F,?,?,?,?,?,?,00000000,connection,keep-alive), ref: 05847842
                                                                                                                • _stricmp.NTDLL(00000000,chunked,?,?,0584326F,?,?,?,?,?,?,00000000,connection,keep-alive), ref: 05847877
                                                                                                                Similarity
                                                                                                                • API ID: _stricmp$atoi
                                                                                                                • String ID: chunked$content-encoding$content-length$gzip$transfer-encoding
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtQuerySystemTime,?,00000000,?,?,?,?,?,?,?,?,05846F45,?,00000000,?), ref: 05846E87
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05846E8A
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtQuerySystemInformation,?,00000000,?,?,?,?,?,?,?,?,05846F45,?,00000000,?), ref: 05846EB7
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05846EBA
                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05846F0E
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                • String ID: NtQuerySystemInformation$NtQuerySystemTime$ntdll.dll
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05857624: ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,?,?,?,?,?,?,?,05857AFA,?,05857D86,?,?), ref: 05857659
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                • wcslen.NTDLL ref: 058576A5
                                                                                                                • memcpy.NTDLL(00000000,\log,0000000A,00000000,00000000), ref: 058576B5
                                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000002,00000000,00000004,00000000,00000000), ref: 058576D2
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 05857723
                                                                                                                  • Part of subcall function 0586674E: _vsnprintf.NTDLL ref: 05866763
                                                                                                                • strlen.NTDLL ref: 05857701
                                                                                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 05857714
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile$CloseDirectoryEnvironmentExpandHandleStringsWrite_vsnprintfmemcpystrlenwcslen
                                                                                                                • String ID: %s%d%d%d%d$\log
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.KERNELBASE(Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00},Global\,00000000,00000000), ref: 0583E4FD
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{2C240B38-28B0-DE58-2C24-380BA08C4000},Global\,00000000), ref: 0583E514
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{9F624598-6310-E9A0-9F62-9845686A6200},Global\,00000000), ref: 0583E52B
                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}), ref: 0583FB34
                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,Global\{9F624598-6310-E9A0-9F62-9845686A6200}), ref: 0583FB49
                                                                                                                • SetEvent.KERNEL32(00000000), ref: 0583FB56
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0583FB61
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0583FB68
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0583FB6F
                                                                                                                Strings
                                                                                                                • Global\{9F624598-6310-E9A0-9F62-9845686A6200}, xrefs: 0583FB41
                                                                                                                • Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}, xrefs: 0583FB2A
                                                                                                                Similarity
                                                                                                                • API ID: CombineEventPath$CloseHandle$CreateObjectOpenSingleWait
                                                                                                                • String ID: Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}$Global\{9F624598-6310-E9A0-9F62-9845686A6200}
                                                                                                                APIs
                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}), ref: 0583FB34
                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,Global\{9F624598-6310-E9A0-9F62-9845686A6200}), ref: 0583FB49
                                                                                                                • SetEvent.KERNEL32(00000000), ref: 0583FB56
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0583FB61
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0583FB68
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0583FB6F
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.KERNELBASE(Global\{AD3EBBCA-D942-886C-AD3E-CABB824AEA00},Global\,00000000,00000000), ref: 0583E4FD
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{2C240B38-28B0-DE58-2C24-380BA08C4000},Global\,00000000), ref: 0583E514
                                                                                                                  • Part of subcall function 0583E4D0: PathCombineA.SHLWAPI(Global\{9F624598-6310-E9A0-9F62-9845686A6200},Global\,00000000), ref: 0583E52B
                                                                                                                Strings
                                                                                                                • Global\{9F624598-6310-E9A0-9F62-9845686A6200}, xrefs: 0583FB41
                                                                                                                • Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}, xrefs: 0583FB2A
                                                                                                                Similarity
                                                                                                                • API ID: CombineEventPath$CloseHandle$CreateObjectOpenSingleWait
                                                                                                                • String ID: Global\{2C240B38-28B0-DE58-2C24-380BA08C4000}$Global\{9F624598-6310-E9A0-9F62-9845686A6200}
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 05873C0E
                                                                                                                • memset.NTDLL ref: 05873C30
                                                                                                                • memset.NTDLL ref: 05873C4C
                                                                                                                • memset.NTDLL ref: 05873C5A
                                                                                                                • memset.NTDLL ref: 05873C90
                                                                                                                • memset.NTDLL ref: 05873CAF
                                                                                                                • memset.NTDLL ref: 05873CC2
                                                                                                                • memset.NTDLL ref: 05873CDC
                                                                                                                • memcpy.NTDLL(?,?,00000050,?,00000000,00000090,?,00000000,00000098), ref: 05873D11
                                                                                                                  • Part of subcall function 0587480D: memcpy.NTDLL(?,75FF5059,00000050,?,?), ref: 05874826
                                                                                                                  • Part of subcall function 0587480D: memcpy.NTDLL(?,?,00000050,?,?,75FF5059,?,?,75FF5059,00000050,?,?), ref: 0587484F
                                                                                                                  • Part of subcall function 0587480D: memcpy.NTDLL(?,?,00000050,?,?,?,?,?,75FF5059,?), ref: 058748D2
                                                                                                                  • Part of subcall function 0587480D: memcpy.NTDLL(?,?,00000050,?,?,?,?,?,?,?), ref: 0587495F
                                                                                                                • memcpy.NTDLL(?,?,00000050), ref: 05873DF4
                                                                                                                • memcpy.NTDLL(?,?,00000050,?,?,00000050), ref: 05873DFF
                                                                                                                Similarity
                                                                                                                • API ID: memset$memcpy
                                                                                                                Strings
                                                                                                                • rfbProcessClientInitMessage: client gone, xrefs: 05832475
                                                                                                                • refusing new client %s, xrefs: 05832577
                                                                                                                • rfbProcessClientInitMessage: read, xrefs: 05832498
                                                                                                                • rfbProcessClientInitMessage: write, xrefs: 05832434
                                                                                                                • %s: %s, xrefs: 0583249D
                                                                                                                • -dontdisconnect: Not shared & existing client, xrefs: 05832565
                                                                                                                • Not shared - closing connection to client %s, xrefs: 058325D2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: memsetstrncpy
                                                                                                                • String ID: refusing new client %s$%s: %s$-dontdisconnect: Not shared & existing client$Not shared - closing connection to client %s$rfbProcessClientInitMessage: client gone$rfbProcessClientInitMessage: read$rfbProcessClientInitMessage: write
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000410,00000000,00000000,00000001), ref: 05867A19
                                                                                                                • lstrcatW.KERNEL32(00000000,?), ref: 05867A23
                                                                                                                • Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 05867A3B
                                                                                                                • memset.NTDLL ref: 05867A4C
                                                                                                                • memset.NTDLL ref: 05867A58
                                                                                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 05867A78
                                                                                                                • CloseHandle.KERNEL32(?,?,00000000), ref: 05867A94
                                                                                                                • CloseHandle.KERNEL32(?), ref: 05867A99
                                                                                                                • Wow64RevertWow64FsRedirection.KERNEL32(?), ref: 05867AA9
                                                                                                                • API ID: Wow64$CloseHandleHeapProcessRedirectionmemset$AllocateCreateDisableEnvironmentExpandRevertStringslstrcat
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • sscanf.NTDLL ref: 058320E7
                                                                                                                  • Part of subcall function 05836650: __WSAFDIsSet.WS2_32(?,?), ref: 05836700
                                                                                                                  • Part of subcall function 05836650: shutdown.WS2_32(?,00000002), ref: 05836727
                                                                                                                  • Part of subcall function 05836650: closesocket.WS2_32(?), ref: 05836731
                                                                                                                Strings
                                                                                                                • Protocol version sent %d.%d, using %d.%d, xrefs: 0583216A
                                                                                                                • rfbProcessClientProtocolVersion: read, xrefs: 058320B1
                                                                                                                • Client Protocol Version %d.%d, xrefs: 0583211B
                                                                                                                • %s: %s, xrefs: 058320B6
                                                                                                                • rfbProcessClientProtocolVersion: not a valid RFB client: %s, xrefs: 058320F9
                                                                                                                • RFB %03d.%03d, xrefs: 058320DC
                                                                                                                • RFB protocol version mismatch - server %d.%d, client %d.%d, xrefs: 05832148
                                                                                                                • rfbProcessClientProtocolVersion: client gone, xrefs: 05832092
                                                                                                                • API ID: closesocketshutdownsscanf
                                                                                                                • String ID: %s: %s$Client Protocol Version %d.%d$Protocol version sent %d.%d, using %d.%d$RFB %03d.%03d$RFB protocol version mismatch - server %d.%d, client %d.%d$rfbProcessClientProtocolVersion: client gone$rfbProcessClientProtocolVersion: not a valid RFB client: %s$rfbProcessClientProtocolVersion: read
                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(000000FF), ref: 0585C848
                                                                                                                • EnterCriticalSection.KERNEL32(058EDC14), ref: 0585C885
                                                                                                                • LeaveCriticalSection.KERNEL32(058EDC14), ref: 0585C8F0
                                                                                                                • EnterCriticalSection.KERNEL32(058EDC14), ref: 0585C8FA
                                                                                                                • LeaveCriticalSection.KERNEL32(058EDC14,?,00000000), ref: 0585C93A
                                                                                                                • ResetEvent.KERNEL32 ref: 0585C957
                                                                                                                • WaitForSingleObject.KERNEL32(000000FF), ref: 0585C965
                                                                                                                • ExitThread.KERNEL32 ref: 0585C97E
                                                                                                                • API ID: CriticalSection$EnterLeaveObjectSingleWait$EventExitResetThread
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • ReadProcessMemory.KERNEL32(00000000,771AFA10,?,00000014,?,00000000,00000000,00000000), ref: 05842336
                                                                                                                • Sleep.KERNEL32(000003E8), ref: 058423A1
                                                                                                                • API ID: MemoryProcessReadSleep
                                                                                                                • String ID: 3
                                                                                                                APIs
                                                                                                                • send.WS2_32(?,02506857,?,00000000), ref: 05836A03
                                                                                                                • WSAGetLastError.WS2_32 ref: 05836A1F
                                                                                                                • select.WS2_32(?,00000000,?,00000000,00000000), ref: 05836A70
                                                                                                                • WSAGetLastError.WS2_32 ref: 05836A7C
                                                                                                                • API ID: ErrorLast$selectsend
                                                                                                                • String ID: %s: %s$WriteExact: select$WriteExact: write returned 0?
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05857624: ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,?,?,?,?,?,?,?,05857AFA,?,05857D86,?,?), ref: 05857659
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,00000000), ref: 05857A7B
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 05857A8F
                                                                                                                • CreateFileA.KERNEL32(log,40000000,00000002,00000000,00000004,00000000,00000000), ref: 05857AA5
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 05857ABB
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 05857ACB
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 05857AEA
                                                                                                                • API ID: Directory$Current$CreateFileHeap$AllocateCloseEnvironmentExpandHandlePointerProcessStrings
                                                                                                                • String ID: log
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup,00000000,00000104,000493E0,?,0586393F), ref: 05866892
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\Payload 94.75 (4).225.exe,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe,00000000), ref: 058668BA
                                                                                                                  • Part of subcall function 05865649: GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                  • Part of subcall function 05865649: RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe, xrefs: 058668A4, 058668A9, 058668B4
                                                                                                                • C:\Users\user\Desktop\Payload 94.75 (4).225.exe, xrefs: 058668B5
                                                                                                                • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, xrefs: 0586688D
                                                                                                                • %s\%s.exe, xrefs: 0586689E
                                                                                                                • 34fbdedc, xrefs: 05866898
                                                                                                                • API ID: Heap$Process$AllocateCopyEnvironmentExpandFileFreeStrings_vsnwprintf
                                                                                                                • String ID: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup$%s\%s.exe$34fbdedc$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe$C:\Users\user\Desktop\Payload 94.75 (4).225.exe
                                                                                                                APIs
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 05859F10
                                                                                                                  • Part of subcall function 058627FF: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586281E
                                                                                                                  • Part of subcall function 058627FF: GetFileSize.KERNEL32(00000000,00000000,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586282E
                                                                                                                  • Part of subcall function 058627FF: ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 05862853
                                                                                                                  • Part of subcall function 058627FF: CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},34fbdedc), ref: 0586286A
                                                                                                                • strstr.NTDLL ref: 05859F4D
                                                                                                                • strstr.NTDLL ref: 05859F5B
                                                                                                                • strstr.NTDLL ref: 05859F7E
                                                                                                                • strstr.NTDLL ref: 05859F8F
                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000025,0000003D,00000050,?,?,771A8A60,00000104), ref: 05859FAD
                                                                                                                • lstrcatA.KERNEL32(0000003D,-00000005,?,?,771A8A60,00000104), ref: 05859FB7
                                                                                                                Similarity
                                                                                                                • API ID: strstr$File$EnvironmentExpandStrings$CloseCreateHandleReadSizelstrcat
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 0584565B
                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 05845667
                                                                                                                • ioctlsocket.WS2_32(00000000,8004667E,?), ref: 05845684
                                                                                                                • closesocket.WS2_32(00000000), ref: 05845690
                                                                                                                • htons.WS2_32(?), ref: 058456AB
                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 058456C1
                                                                                                                • shutdown.WS2_32(00000000,00000002), ref: 0584575B
                                                                                                                • closesocket.WS2_32(00000000), ref: 05845762
                                                                                                                Similarity
                                                                                                                • API ID: closesocket$Startupconnecthtonsioctlsocketshutdownsocket
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • WaitForSingleObject.KERNEL32(0000039C,00000000), ref: 0583EED3
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0583EF0F
                                                                                                                • CloseHandle.KERNEL32(?), ref: 0583EF15
                                                                                                                • UnregisterWait.KERNEL32(?), ref: 0583EF22
                                                                                                                • GetLastError.KERNEL32 ref: 0583EF2C
                                                                                                                • InterlockedDecrement.KERNEL32(058F17EC), ref: 0583EF4E
                                                                                                                • SetEvent.KERNEL32(00000390), ref: 0583EF5F
                                                                                                                • GetLastError.KERNEL32 ref: 0583EF82
                                                                                                                  • Part of subcall function 05842BD0: OpenProcess.KERNEL32(0010043A,00000000,0583F0FB), ref: 05842C04
                                                                                                                  • Part of subcall function 05842BD0: GetProcessHandleCount.KERNEL32(00000000,?), ref: 05842C1A
                                                                                                                  • Part of subcall function 05842BD0: CloseHandle.KERNEL32(00000000), ref: 05842C41
                                                                                                                Similarity
                                                                                                                • API ID: Handle$Close$ErrorLastProcessWait$CountDecrementEventInterlockedObjectOpenSingleUnregister
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32(?,?), ref: 05858EF8
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 05858F01
                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 05858F1A
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 05858F25
                                                                                                                • PrintWindow.USER32(?,00000000,00000000), ref: 05858F30
                                                                                                                • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 05858F59
                                                                                                                • DeleteObject.GDI32(?), ref: 05858F63
                                                                                                                • DeleteDC.GDI32(00000000), ref: 05858F6A
                                                                                                                Similarity
                                                                                                                • API ID: CompatibleCreateDeleteObjectWindow$BitmapPrintRectSelect
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 05862B83
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 05862BA0
                                                                                                                • CloseHandle.KERNEL32(00000000,00000002,00000000), ref: 05862BAC
                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 05862BBF
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,00000002,00000000), ref: 05862BF6
                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000002,00000000), ref: 05862C05
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$CreateCurrentFirstProcessProcess32SnapshotToolhelp32
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • SetEvent.KERNEL32(00000288,00000000,00007FFF,771B0F00,05844EF9,00008000,00000000,058448D0,00007FFF,00000000,05844900,127.0.0.1,00000000,?,00000000), ref: 05848720
                                                                                                                • WaitForSingleObject.KERNEL32(0000028C,000000FF,?,?,0583F978), ref: 0584872C
                                                                                                                • CloseHandle.KERNEL32(0000028C,?,?,0583F978), ref: 0584873C
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,0583F978), ref: 05848741
                                                                                                                • shutdown.WS2_32(00000284,00000002), ref: 0584874E
                                                                                                                • closesocket.WS2_32(00000284), ref: 05848758
                                                                                                                • GetProcessHeap.KERNEL32(00000000,054A66B8,?,?,0583F978), ref: 05848767
                                                                                                                • HeapFree.KERNEL32(00000000,?,?,0583F978), ref: 0584876E
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleHeap$EventFreeObjectProcessSingleWaitclosesocketshutdown
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                Similarity
                                                                                                                • API ID: strcpystrlen$memcpy
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058647F7: ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,?,?,?,00000001,?,?,?,?,?,05864FC3,?,00000000,?), ref: 0586482C
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,00000000,?,?,?,?,?,?), ref: 05864FE6
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000), ref: 05864FF5
                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 05865075
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 058650C6
                                                                                                                Strings
                                                                                                                Similarity
                                                                                                                • API ID: Directory$Current$AllocateCreateDeleteEnvironmentExpandFileHeapStrings
                                                                                                                • String ID: exe$exe
                                                                                                                APIs
                                                                                                                • recv.WS2_32(?,?,00000014,00000000), ref: 05834F0F
                                                                                                                Strings
                                                                                                                • rfbProcessUDPInput: key event incorrect length, xrefs: 05834FD6
                                                                                                                • %s: %s, xrefs: 05834F27
                                                                                                                • rfbProcessUDPInput: read, xrefs: 05834F22
                                                                                                                • rfbProcessUDPInput: ptr event incorrect length, xrefs: 05834F75
                                                                                                                • rfbProcessUDPInput: unknown message type %d, xrefs: 05834F56
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: recv
                                                                                                                • String ID: %s: %s$rfbProcessUDPInput: key event incorrect length$rfbProcessUDPInput: ptr event incorrect length$rfbProcessUDPInput: read$rfbProcessUDPInput: unknown message type %d
                                                                                                                • API String ID: 1507349165-4269210480
                                                                                                                • Opcode ID: 2beadb72c98cac647475d453de143522a4dde9f25fb89abcca1f2e5a9b31edd4
                                                                                                                • Instruction ID: 5f09094319987be302f05346f7d248351c06f5da65b45b669aea966e0713c616
                                                                                                                • Opcode Fuzzy Hash: 2beadb72c98cac647475d453de143522a4dde9f25fb89abcca1f2e5a9b31edd4
                                                                                                                • Instruction Fuzzy Hash: D3310A72E550295BEB14967CAC8E9B5FBD8EB89211F1803B6FC0DD3601E9769C60C3E1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058561AD: SHGetSpecialFolderPathA.SHELL32(00000000,00000000,0000001C,00000000,00000000,00000000,00000000), ref: 05856282
                                                                                                                • DeleteFileA.KERNEL32(00000074,00000000,00000000,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000,00000000), ref: 058565BE
                                                                                                                • CopyFileA.KERNEL32(?,00000074,00000000), ref: 058565C8
                                                                                                                  • Part of subcall function 0586853F: DeleteFileA.KERNEL32(00000000,00000000,058565E3,00000001,dll,00000001,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000), ref: 05868566
                                                                                                                • FreeLibrary.KERNEL32(?,00000000,00000000,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000,00000000), ref: 058566BA
                                                                                                                • DeleteFileA.KERNEL32(00000001,00000000,00000000,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000,00000000), ref: 058566C8
                                                                                                                • DeleteFileA.KERNEL32(00000074,00000000,00000000,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000,00000000), ref: 058566D7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: File$Delete$CopyFolderFreeLibraryPathSpecial
                                                                                                                • String ID: dll
                                                                                                                • API String ID: 4288763896-1037284150
                                                                                                                • Opcode ID: fcd501a25d76cdd22b00e878557831e8d753057368500360a77ff6fb07b84d46
                                                                                                                • Instruction ID: 862b9904e3e57c72431eb8b62856decb1f23e5d2e25b50295edb901288aa95dd
                                                                                                                • Opcode Fuzzy Hash: fcd501a25d76cdd22b00e878557831e8d753057368500360a77ff6fb07b84d46
                                                                                                                • Instruction Fuzzy Hash: B1517371C0828DEEDF01DFE5D888BDEBFB5AF11318F0440A9E940B6252D7764A48CB65
                                                                                                                APIs
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 05836136
                                                                                                                • recvfrom.WS2_32(?,?,00000001,00000002,05831709,00000010), ref: 0583617C
                                                                                                                • __WSAFDIsSet.WS2_32(?,00000000), ref: 05836338
                                                                                                                • __WSAFDIsSet.WS2_32(?,?), ref: 0583634C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: recvfrom
                                                                                                                • String ID: %s: %s$rfbCheckFds: UDP: recvfrom
                                                                                                                • API String ID: 846543921-1677425314
                                                                                                                • Opcode ID: e8552de36e7541e6bd677e3ecb3e255ebfe6218628398ac331d53c57ae501c5e
                                                                                                                • Instruction ID: 9b096b2db803f4487957a19b0550526f6acbc52a08bff50a5e2a428d8729b3d3
                                                                                                                • Opcode Fuzzy Hash: e8552de36e7541e6bd677e3ecb3e255ebfe6218628398ac331d53c57ae501c5e
                                                                                                                • Instruction Fuzzy Hash: D441BE70A09305ABDB10DF6EC88ABA973A5BF44714F144569EC0ADB281FB30ED44CBD2
                                                                                                                APIs
                                                                                                                • strlen.NTDLL ref: 0585954B
                                                                                                                • strlen.NTDLL ref: 05859560
                                                                                                                • lstrcatA.KERNEL32(?,?,?,?,771A8A60,00000104,00000000), ref: 058595F1
                                                                                                                • memset.NTDLL ref: 05859602
                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,05859D0F,?,?,?,?,?,771A8A60), ref: 0585963B
                                                                                                                • CloseHandle.KERNEL32(05859D0F,?,00000000,?,?,?,?,?,771A8A60,00000104,00000000), ref: 05859657
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,771A8A60,00000104,00000000), ref: 0585965C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandlestrlen$CreateProcesslstrcatmemset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2874605536-0
                                                                                                                • Opcode ID: 0caf548cce145142c5b44d14a8eb4f409c0606579fc618b0994fba913c6a3f20
                                                                                                                • Instruction ID: 0966e3f46b386b1a9a983b330e0460d01fbb070f26a2b934c30ec03090e03316
                                                                                                                • Opcode Fuzzy Hash: 0caf548cce145142c5b44d14a8eb4f409c0606579fc618b0994fba913c6a3f20
                                                                                                                • Instruction Fuzzy Hash: 17416661D082CCEDEF01D7E8D84CBDEBFB9AF15258F080058E94477152C6BA5A18C7B6
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058647F7: ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,?,?,?,00000001,?,?,?,?,?,05864FC3,?,00000000,?), ref: 0586482C
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                  • Part of subcall function 05863DB4: RtlAllocateHeap.NTDLL(00000008,?,0586418D,00000000,?,?,?,?,00000000), ref: 05863DC0
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,05857DBC,00000000,00000000,?,?), ref: 0586531D
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000,00000001), ref: 05865333
                                                                                                                • DeleteFileA.KERNEL32(00000000), ref: 0586539C
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 058653EB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Directory$Current$AllocateCreateDeleteEnvironmentExpandFileHeapStrings
                                                                                                                • String ID: exe$exe
                                                                                                                • API String ID: 2740683256-1228119078
                                                                                                                • Opcode ID: a0169ddecaad1b41daefdcc6147440898974f127fa5953a4f417587d6854d3bd
                                                                                                                • Instruction ID: c47917ebe40c0299fd12fb807924607136ea594599b4be0193050901804eb1d5
                                                                                                                • Opcode Fuzzy Hash: a0169ddecaad1b41daefdcc6147440898974f127fa5953a4f417587d6854d3bd
                                                                                                                • Instruction Fuzzy Hash: DC31A071A00309FBDF00ABA4E94ABADBBB5FF01615F604059EC41E6190EFB59E50DA12
                                                                                                                APIs
                                                                                                                • recv.WS2_32(?,00000000,00000000,00000000), ref: 05836887
                                                                                                                • WSAGetLastError.WS2_32 ref: 058368A1
                                                                                                                • select.WS2_32(?,?,00000000,?,00000000), ref: 0583690C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastrecvselect
                                                                                                                • String ID: %s: %s$ReadExact: select$ReadExact: select timeout
                                                                                                                • API String ID: 2792163092-4035862068
                                                                                                                • Opcode ID: dc9e1d33a3be2280bb217b554f1582454a12bfdf2559dbebb204474eea8a9e06
                                                                                                                • Instruction ID: 8d45dfeafbecdfc71681020acb17dcf75e557f6d20d512772981c1f0c0b67e18
                                                                                                                • Opcode Fuzzy Hash: dc9e1d33a3be2280bb217b554f1582454a12bfdf2559dbebb204474eea8a9e06
                                                                                                                • Instruction Fuzzy Hash: 7B31C932A00109ABD7148F5EE84B6A9FBA4E788721F148166FD1DCA280F671ED408BE1
                                                                                                                APIs
                                                                                                                • _stricmp.NTDLL(HTTP/1.0,00000000,?,?,00000000,00000000,?,?,?,?,05843332,?,00000000), ref: 0584810F
                                                                                                                • _stricmp.NTDLL(HTTP/1.1,00000000,?,?,?,00000000,00000000,?,?,?,?,05843332,?,00000000), ref: 05848129
                                                                                                                • _strnicmp.NTDLL(00000000,GET,00000003,?,?,00000000,?,?,?,00000000,00000000,?,?,?,?,05843332), ref: 05848192
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _stricmp$_strnicmp
                                                                                                                • String ID: GET$HTTP/1.0$HTTP/1.1
                                                                                                                • API String ID: 1931492451-3659896442
                                                                                                                • Opcode ID: 2829ea555028898aaae61cca0abc191002043a24ec00ec7a04df348af2907f8f
                                                                                                                • Instruction ID: 5987da0ac410bb28a436225731055553a18291217fe31a3fddbe135a263129a3
                                                                                                                • Opcode Fuzzy Hash: 2829ea555028898aaae61cca0abc191002043a24ec00ec7a04df348af2907f8f
                                                                                                                • Instruction Fuzzy Hash: BE314375A103085BCB04EBA8CD959FEB3B9FF58205F400459DD16E3350EB74AE14CEA2
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$htonsstrcpystrlen
                                                                                                                • String ID: 0.0.0.0
                                                                                                                • API String ID: 1850101993-3771769585
                                                                                                                • Opcode ID: e0cb8ffc8f63d38ea09ac2233796f564efe7c87694c7be84aa74695cec604241
                                                                                                                • Instruction ID: 1571734fab402f065e6c7cc407a64236477e5081d49423985ee221f7d5d8e7d1
                                                                                                                • Opcode Fuzzy Hash: e0cb8ffc8f63d38ea09ac2233796f564efe7c87694c7be84aa74695cec604241
                                                                                                                • Instruction Fuzzy Hash: 7521C075901248BFCB00DB55C884EEABBF8EF49214F14C08AED89DB241D671EE46CBA1
                                                                                                                APIs
                                                                                                                • htons.WS2_32(058680E7), ref: 05836B31
                                                                                                                • inet_addr.WS2_32(05857FB3), ref: 05836B3C
                                                                                                                • htonl.WS2_32(000000FF), ref: 05836B47
                                                                                                                • gethostbyname.WS2_32(05857FB3), ref: 05836B53
                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 05836B7F
                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 05836B92
                                                                                                                • closesocket.WS2_32(00000000), ref: 05836B9D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 298246419-0
                                                                                                                • Opcode ID: 692563670b6dfff200b8b908727f5c88f6fb81c8f67aaf35206b1a4bd03cd6c4
                                                                                                                • Instruction ID: b4eae68a5459fac27846e92f4e81a499d8a18805327d86c44b33fd6151ce936b
                                                                                                                • Opcode Fuzzy Hash: 692563670b6dfff200b8b908727f5c88f6fb81c8f67aaf35206b1a4bd03cd6c4
                                                                                                                • Instruction Fuzzy Hash: A3112731E11618ABDB10DFAD980AA9D7BF8FF05721F004659FC18D7280F77599008B95
                                                                                                                APIs
                                                                                                                • GetWindowTextA.USER32(?,?,00000020), ref: 05867AE8
                                                                                                                • strcmp.NTDLL ref: 05867AFA
                                                                                                                • PostMessageW.USER32(CorpVPN,00000100,0000000D,00000000), ref: 05867B17
                                                                                                                • PostMessageW.USER32(00000043,00000101,0000000D,00000000), ref: 05867B25
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: MessagePost$TextWindowstrcmp
                                                                                                                • String ID: CorpVPN$CorpVPN
                                                                                                                • API String ID: 3277478563-1292887688
                                                                                                                • Opcode ID: f58c1cf35d76efae520556ad0c74f0f46d9228b8c2d79aca78dfe9d4c051c15c
                                                                                                                • Instruction ID: b32a4efa6ddace3ea68a5a626db09fd7b769903f92e54d2bc811b8e406862abf
                                                                                                                • Opcode Fuzzy Hash: f58c1cf35d76efae520556ad0c74f0f46d9228b8c2d79aca78dfe9d4c051c15c
                                                                                                                • Instruction Fuzzy Hash: E9018431948388BEEB01D6A8DC09FCE7FA99B15354F048095E944EA181D6F59A8487E1
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,05800000,00000000,?,05846A70,00000000), ref: 058467CD
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 058467E1
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlSetLastWin32Error), ref: 058467EE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: RtlNtStatusToDosError$RtlSetLastWin32Error$ntdll.dll
                                                                                                                • API String ID: 667068680-2897241497
                                                                                                                • Opcode ID: fee629981c3f750ff1dca4c023f963cdaed3692b3c60caa9ae474838dba06870
                                                                                                                • Instruction ID: 947f34c544a64fe6c5820cd46e9386ae533993c30d791ffbd045a62bbac8c934
                                                                                                                • Opcode Fuzzy Hash: fee629981c3f750ff1dca4c023f963cdaed3692b3c60caa9ae474838dba06870
                                                                                                                • Instruction Fuzzy Hash: F0F0BD35631209DB9B14AAE7E95FDAA7FDCEE8A6517044019FC05D3200EB74BC40EF61
                                                                                                                APIs
                                                                                                                • __WSAFDIsSet.WS2_32(?,058C1C08), ref: 0585314E
                                                                                                                • __WSAFDIsSet.WS2_32(?,05851B67), ref: 05853192
                                                                                                                • __WSAFDIsSet.WS2_32(?,05851B67), ref: 058531ED
                                                                                                                • __WSAFDIsSet.WS2_32(?,058C1C08), ref: 05853213
                                                                                                                • __WSAFDIsSet.WS2_32(?,05851B67), ref: 05853252
                                                                                                                  • Part of subcall function 05851D1C: send.WS2_32(05851B67,?,?,00000000), ref: 05851D3B
                                                                                                                • __WSAFDIsSet.WS2_32(?,058C1C08), ref: 05853290
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: send
                                                                                                                • String ID:
                                                                                                                • API String ID: 2809346765-0
                                                                                                                • Opcode ID: 1edba229e162d83cae9e63b0720c0a85af17b2a3fd4039cc33d0f611621d41e4
                                                                                                                • Instruction ID: 1e71cf08c9e55976558478a5f33f38d6732f58efba0256cfc0894379963afde1
                                                                                                                • Opcode Fuzzy Hash: 1edba229e162d83cae9e63b0720c0a85af17b2a3fd4039cc33d0f611621d41e4
                                                                                                                • Instruction Fuzzy Hash: 41415172604B05BBDB21AEA8CC84EE773EDBF043A5F540919FD56D2150EB30E9498B61
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(053E4640), ref: 058446A4
                                                                                                                • htons.WS2_32(?), ref: 058446B6
                                                                                                                  • Part of subcall function 05845150: EnterCriticalSection.KERNEL32(053E4660,?,00000000,?,058446D2,?), ref: 05845160
                                                                                                                  • Part of subcall function 05845150: LeaveCriticalSection.KERNEL32(053E4660,?,00000000,?,058446D2,?), ref: 05845182
                                                                                                                • LeaveCriticalSection.KERNEL32(053E4640,?), ref: 05844736
                                                                                                                • htons.WS2_32(?), ref: 05844748
                                                                                                                • shutdown.WS2_32(00000000,00000002), ref: 05844772
                                                                                                                • closesocket.WS2_32(00000000), ref: 05844779
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeavehtons$closesocketshutdown
                                                                                                                • String ID:
                                                                                                                • API String ID: 414431970-0
                                                                                                                • Opcode ID: c69e7dbe3cedb56e11606ec2de7ff6c852689577cc8cdb09391de8aeec074d34
                                                                                                                • Instruction ID: c1a8f71e0e2293295416b2954cddea2bef50a6ab306ab62607ded50d6c1160bb
                                                                                                                • Opcode Fuzzy Hash: c69e7dbe3cedb56e11606ec2de7ff6c852689577cc8cdb09391de8aeec074d34
                                                                                                                • Instruction Fuzzy Hash: D0318075A112099FCB04DF99D889D6AFBB5FF49210B15C159EC069B321DB30ED41CF91
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: strncmp
                                                                                                                • String ID: false$null$true
                                                                                                                • API String ID: 1114863663-2913297407
                                                                                                                • Opcode ID: a5c9a5561e29e895cc64ef619906802d0def895d8d425b538a6cc277df0be9b6
                                                                                                                • Instruction ID: edd1e410a0b7658f4f016c6d3c0bd4c775c4cf5ff68609e6de5fdbac3a5d8cc0
                                                                                                                • Opcode Fuzzy Hash: a5c9a5561e29e895cc64ef619906802d0def895d8d425b538a6cc277df0be9b6
                                                                                                                • Instruction Fuzzy Hash: E511E96174C30AA6DA309A58CC4AF3E77D6FB56974F240426FD07E5140E6E4CD819FA3
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,00000000,00000001,?,?,?,05857B10,00000000,00000000,00000000,00000000,?,05857D86), ref: 058579AF
                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,05857B10,00000000,00000000,00000000,00000000,?,05857D86), ref: 058579BC
                                                                                                                • CreateFileA.KERNEL32(0000006C,40000000,00000002,00000000,00000004,00000000,00000000,?,?,?,05857B10,00000000,00000000,00000000,00000000,?), ref: 058579D6
                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,05857B10,00000000,00000000,00000000,00000000,?,05857D86), ref: 058579EC
                                                                                                                  • Part of subcall function 05856581: DeleteFileA.KERNEL32(00000074,00000000,00000000,?,05857A01,00000001,00000000,00000000,?,?,?,05857B10,00000000,00000000), ref: 058565BE
                                                                                                                  • Part of subcall function 05856581: CopyFileA.KERNEL32(?,00000074,00000000), ref: 058565C8
                                                                                                                  • Part of subcall function 05856FAE: SetCurrentDirectoryA.KERNEL32(00000000,00000000,00000000,00000000), ref: 05857046
                                                                                                                  • Part of subcall function 05856FAE: FreeLibrary.KERNEL32(00000000,00000000,00000000,00000000), ref: 0585705D
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000,?,?,?,05857B10,00000000,00000000,00000000,00000000,?,05857D86), ref: 05857A0E
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,05857B10,00000000,00000000,00000000,00000000,?,05857D86), ref: 05857A29
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CurrentDirectoryFile$Heap$AllocateCloseCopyCreateDeleteFreeHandleLibraryPointerProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 2180046782-0
                                                                                                                • Opcode ID: e81adf46285f4529b4b4f75402f0c33bee7de5d7b410a094201a640a738c1e0b
                                                                                                                • Instruction ID: 73558ccd48aca748a6c5985e0dee3e05bb54ec93b36d7cd9986fa64ba4c52320
                                                                                                                • Opcode Fuzzy Hash: e81adf46285f4529b4b4f75402f0c33bee7de5d7b410a094201a640a738c1e0b
                                                                                                                • Instruction Fuzzy Hash: A611E771604258BEEF126B699C8DEAF3F6CEB017F8F008164FD11E2081EB718E0086B1
                                                                                                                APIs
                                                                                                                • GetCursorInfo.USER32(00000000,00000000), ref: 05861C49
                                                                                                                • GetIconInfo.USER32(?,00000000), ref: 05861C5E
                                                                                                                • GetObjectW.GDI32(?,00000018,00000000), ref: 05861C94
                                                                                                                • DrawIconEx.USER32(05861998,?,?,?,?,00000000,00000000,00000003), ref: 05861CB1
                                                                                                                • DeleteObject.GDI32(?), ref: 05861CC0
                                                                                                                • DeleteObject.GDI32(058588FE), ref: 05861CC5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Object$DeleteIconInfo$CursorDraw
                                                                                                                • String ID:
                                                                                                                • API String ID: 3994200480-0
                                                                                                                • Opcode ID: f3ed04cac32fdfed09ba6d171e54b62db02654588780c4cc10e13da3cf355fc8
                                                                                                                • Instruction ID: 1d5aed9c6e108a89927166060821feb0503dae3de29416814d09e510dc79893f
                                                                                                                • Opcode Fuzzy Hash: f3ed04cac32fdfed09ba6d171e54b62db02654588780c4cc10e13da3cf355fc8
                                                                                                                • Instruction Fuzzy Hash: 2121B93291061CBFEB419BE8DC49BEEBFB9FB08315F100021E611B6160DB716E09DBA1
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00000000), ref: 0583E8BB
                                                                                                                • GetCurrentProcess.KERNEL32 ref: 0583E8BF
                                                                                                                • ReadProcessMemory.KERNEL32(00000000,10000000,?,00000014,?), ref: 0583E8E2
                                                                                                                • ReadProcessMemory.KERNEL32(00000000,?,?,000000E0,00000014), ref: 0583E906
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,10000000,?,00004000), ref: 0583E921
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,10000000,00000000,00008000), ref: 0583E930
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentFreeMemoryReadVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 3406743107-0
                                                                                                                • Opcode ID: 57be886d62cb7c7d0239cac4de07015306677b1b89fe80e6a491e7869518bd19
                                                                                                                • Instruction ID: f760717f598f3063c2ebeb576a18ffeec3583536407686a1285dbc86d689435f
                                                                                                                • Opcode Fuzzy Hash: 57be886d62cb7c7d0239cac4de07015306677b1b89fe80e6a491e7869518bd19
                                                                                                                • Instruction Fuzzy Hash: A211B631224305AFE720C699DC86FBB77ACEB89660F044519FE59C7180EB74EC04CBA5
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058549D3: strlen.NTDLL ref: 058549DF
                                                                                                                • memcpy.NTDLL(XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX,?,00000020,?), ref: 0585BF1D
                                                                                                                • strlen.NTDLL ref: 0585BF36
                                                                                                                • strcpy.NTDLL ref: 0585BF4D
                                                                                                                  • Part of subcall function 05865649: GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                  • Part of subcall function 05865649: RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                  • Part of subcall function 0585BEB6: CreateThread.KERNELBASE(00000000,00000000,0585BE9A,00000000,00000000,00000000), ref: 0585BEC3
                                                                                                                  • Part of subcall function 0585BEB6: CloseHandle.KERNELBASE(00000000,0585C019), ref: 0585BED9
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 0585BF52
                                                                                                                • XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, xrefs: 0585BF18
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg, xrefs: 0585BF5E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Similarity
                                                                                                                • API ID: Heapstrlen$CloseCreateFreeHandleProcessThreadmemcpystrcpy
                                                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 0586558F
                                                                                                                • Process32First.KERNEL32(00000000,00000128), ref: 058655A2
                                                                                                                • Process32Next.KERNEL32(00000000,00000128), ref: 058655BC
                                                                                                                • strlen.NTDLL ref: 058655CF
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • memcpy.NTDLL(00000000,?,00000001,?,00000002,00000000,?,00000000), ref: 058655EE
                                                                                                                • CloseHandle.KERNEL32(00000000,00000002,00000000,?,00000000), ref: 058655F8
                                                                                                                Similarity
                                                                                                                • API ID: HeapProcess32$AllocateCloseCreateFirstHandleNextProcessSnapshotToolhelp32memcpystrlen
                                                                                                                APIs
                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 05859296
                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 058592AB
                                                                                                                • gethostbyname.WS2_32(058ED758), ref: 058592BD
                                                                                                                • memcpy.NTDLL(0585A70A,?,?), ref: 058592D1
                                                                                                                • htons.WS2_32(00000002), ref: 058592E8
                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 058592F9
                                                                                                                Similarity
                                                                                                                • API ID: Startupconnectgethostbynamehtonsmemcpysocket
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(058F1794,?,0583F92F), ref: 058433D5
                                                                                                                • LeaveCriticalSection.KERNEL32(058F1794,?,0583F92F), ref: 058433F5
                                                                                                                • DeleteCriticalSection.KERNEL32(058F1794), ref: 05843400
                                                                                                                • InitializeCriticalSection.KERNEL32(058F1794,?,0583F92F), ref: 0584341B
                                                                                                                • EnterCriticalSection.KERNEL32(058F1794), ref: 05843426
                                                                                                                • LeaveCriticalSection.KERNEL32(058F1794,?,0583F92F), ref: 05843450
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeave$DeleteInitialize
                                                                                                                APIs
                                                                                                                • TerminateThread.KERNEL32(00000000,00000000,00000001,00000000,00000000,0585AF80,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418), ref: 0585AE7E
                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00000FA0,00000001,00000000,00000000,0585AF80,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418), ref: 0585AE8F
                                                                                                                • TerminateThread.KERNEL32(00000000,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418,00000000,00000000,?,00000001), ref: 0585AE9C
                                                                                                                • TerminateThread.KERNEL32(00000000,00000000,00000001,00000000,00000000,0585AF80,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418), ref: 0585AEB5
                                                                                                                • CloseHandle.KERNEL32(?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418,00000000,00000000,?,00000001), ref: 0585AEBD
                                                                                                                • CloseHandle.KERNEL32(00000000,00000001,00000000,00000000,0585AF80,?,?,05857FA4,0585803F,00000001,?,0585803B,?,?,05863418,00000000), ref: 0585AECF
                                                                                                                Similarity
                                                                                                                • API ID: TerminateThread$CloseHandle$ObjectSingleWait
                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 058618AF
                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 058618B8
                                                                                                                • GetDeviceCaps.GDI32(0000000C), ref: 058618DA
                                                                                                                • GetDeviceCaps.GDI32(00000018), ref: 058618E9
                                                                                                                • GetDeviceCaps.GDI32(00000026), ref: 058618F8
                                                                                                                • GetDeviceCaps.GDI32(00000068), ref: 05861910
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$MetricsSystem
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05859343: recv.WS2_32(?,00000000,0585A751,00000000), ref: 0585935F
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0585A496
                                                                                                                • memset.NTDLL ref: 0585A4CA
                                                                                                                • Sleep.KERNEL32(000007D0), ref: 0585A509
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateEnvironmentExpandProcessSleepStringsmemsetrecv
                                                                                                                • String ID: "%hs" %hs %d "%hs"$"%s" %s %d "%s"
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05859281: WSAStartup.WS2_32(00000202,?), ref: 05859296
                                                                                                                • SetThreadDesktop.USER32 ref: 058593A6
                                                                                                                • closesocket.WS2_32(00000000), ref: 05859532
                                                                                                                  • Part of subcall function 0585930C: send.WS2_32(?,0000000A,?,00000000), ref: 05859328
                                                                                                                  • Part of subcall function 05859343: recv.WS2_32(?,00000000,0585A751,00000000), ref: 0585935F
                                                                                                                  • Part of subcall function 05858FED: GetDesktopWindow.USER32 ref: 05858FF6
                                                                                                                  • Part of subcall function 05858FED: GetWindowRect.USER32(00000000,?), ref: 05859001
                                                                                                                  • Part of subcall function 05858FED: GetDC.USER32(00000000), ref: 05859009
                                                                                                                  • Part of subcall function 05858FED: CreateCompatibleDC.GDI32(00000000), ref: 05859019
                                                                                                                  • Part of subcall function 05858FED: CreateCompatibleBitmap.GDI32(?,?,?), ref: 0585902C
                                                                                                                  • Part of subcall function 05858FED: SelectObject.GDI32(00000000,00000000), ref: 05859033
                                                                                                                  • Part of subcall function 05858FED: CreateCompatibleBitmap.GDI32(?,?,?), ref: 0585907E
                                                                                                                  • Part of subcall function 05858FED: CreateCompatibleDC.GDI32(?), ref: 05859086
                                                                                                                  • Part of subcall function 05858FED: SelectObject.GDI32(00000000,?), ref: 0585908E
                                                                                                                  • Part of subcall function 05858FED: SetStretchBltMode.GDI32(00000000,00000004), ref: 05859097
                                                                                                                  • Part of subcall function 05858FED: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 058590B6
                                                                                                                  • Part of subcall function 05858FED: DeleteObject.GDI32(?), ref: 058590BF
                                                                                                                  • Part of subcall function 05858FED: DeleteDC.GDI32(00000000), ref: 058590C6
                                                                                                                • GetDesktopWindow.USER32 ref: 05859486
                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 05859491
                                                                                                                Similarity
                                                                                                                • API ID: CompatibleCreateWindow$DesktopObject$BitmapDeleteRectSelectStretch$ModeStartupThreadclosesocketrecvsend
                                                                                                                • String ID: MAKEITSAD
                                                                                                                APIs
                                                                                                                • GetCurrentProcessId.KERNEL32(00000000), ref: 0583EBAD
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,00000000,00000001,?), ref: 0583ECFD
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0583ED04
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                • String ID: RtlComputeCrc32$ntdll.dll
                                                                                                                • API String ID: 4190356694-1139399520
                                                                                                                APIs
                                                                                                                • _stricmp.NTDLL(HTTP/1.0,00000000,-00000008,?,?,00000000), ref: 05847FB7
                                                                                                                • _stricmp.NTDLL(HTTP/1.1,00000000,?,-00000008,?,?,00000000), ref: 05847FD1
                                                                                                                • atoi.NTDLL ref: 05848006
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _stricmp$atoi
                                                                                                                • String ID: HTTP/1.0$HTTP/1.1
                                                                                                                • API String ID: 3016901871-813083674
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00001000,00000040,?,F0U5R4R6Q8H1P3E5,?,00000001,0585AFEE,00000000,00000000,?,00000000), ref: 058642DB
                                                                                                                • VirtualAllocEx.KERNEL32(00000000,?,00000001,0585AFEE,00000000,00000000,?,00000000,?,?,?,?,?,?,0585B045,?), ref: 058642E2
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00008000,00000000,?,00000000,?,?,?,?,?,?,0585B045,?,00000000,05857EA4), ref: 05864363
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,?,?,?,?,?,?,0585B045,?,00000000,05857EA4,00000000), ref: 0586436A
                                                                                                                  • Part of subcall function 058640A4: memset.NTDLL ref: 058640DD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CurrentProcessVirtual$AllocFreememset
                                                                                                                • String ID: F0U5R4R6Q8H1P3E5
                                                                                                                • API String ID: 1190633705-132364068
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058581EA: SHGetFolderPathAndSubDirW.SHELL32(00000000,00000021,00000000,00000000,Low,?), ref: 05858206
                                                                                                                  • Part of subcall function 058583AD: SHGetFolderPathAndSubDirW.SHELL32(00000000,0000001C,00000000,00000000,Packages,?), ref: 058583C9
                                                                                                                  • Part of subcall function 05858412: SHGetFolderPathAndSubDirW.SHELL32(00000000,0000001A,00000000,00000000,Mozilla\Firefox\,?,00000001), ref: 05858431
                                                                                                                  • Part of subcall function 05858412: GetPrivateProfileIntW.KERNEL32(General,StartWithLastProfile,00000000,?), ref: 05858478
                                                                                                                  • Part of subcall function 05858412: GetPrivateProfileIntW.KERNEL32(?,IsRelative,00000001,?), ref: 058584AC
                                                                                                                  • Part of subcall function 05858412: GetPrivateProfileStringW.KERNEL32(?,Path,00000000,?,00000104,?), ref: 058584CE
                                                                                                                • SHGetFolderPathAndSubDirW.SHELL32(00000000,?,00000000,00000000,?,?,?,00000001), ref: 05858579
                                                                                                                  • Part of subcall function 05858093: FindFirstFileW.KERNEL32(?,?,?,?,05858221), ref: 058580C4
                                                                                                                  • Part of subcall function 05858093: lstrcmpW.KERNEL32(?,058778F8,?,00000001), ref: 058580EA
                                                                                                                  • Part of subcall function 05858093: lstrcmpW.KERNEL32(?,058778FC), ref: 05858100
                                                                                                                  • Part of subcall function 05858093: DeleteFileW.KERNEL32(?,?,?,?), ref: 0585816B
                                                                                                                  • Part of subcall function 05858093: GetLastError.KERNEL32 ref: 05858175
                                                                                                                  • Part of subcall function 05858093: memcpy.NTDLL(00000000,?,00000208), ref: 0585819E
                                                                                                                  • Part of subcall function 05858093: CreateThread.KERNEL32(00000000,00000000,05858056,00000000,00000000,00000000), ref: 058581B4
                                                                                                                  • Part of subcall function 05858093: CloseHandle.KERNEL32(00000000), ref: 058581BF
                                                                                                                  • Part of subcall function 05858093: FindNextFileW.KERNEL32(0587790C,?), ref: 058581CF
                                                                                                                  • Part of subcall function 05858093: FindClose.KERNEL32(0587790C), ref: 058581E0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath$FileFindPrivateProfile$Closelstrcmp$CreateDeleteErrorFirstHandleLastNextStringThreadmemcpy
                                                                                                                • String ID: Cookies$Cookies-journal$\Google\Chrome\User Data\Default\$\Google\Chrome\User Data\Default\
                                                                                                                • API String ID: 2399662836-1780317571
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Process$CurrentWow64
                                                                                                                • String ID:
                                                                                                                • API String ID: 1905925150-0
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(?,75FF5059,00000050,?,?), ref: 05874826
                                                                                                                • memcpy.NTDLL(?,?,00000050,?,?,75FF5059,?,?,75FF5059,00000050,?,?), ref: 0587484F
                                                                                                                • memcpy.NTDLL(?,?,00000050,?,?,?,?,?,75FF5059,?), ref: 058748D2
                                                                                                                  • Part of subcall function 0587523B: memcpy.NTDLL(75FF5059,?,00000050,?,?,?,?), ref: 05875277
                                                                                                                • memcpy.NTDLL(?,?,00000050,?,?,?,?,?,?,?), ref: 0587495F
                                                                                                                • memcpy.NTDLL(?,?,00000050,?,?,00000050,?,?,?,?,?,?,?), ref: 0587496F
                                                                                                                • memset.NTDLL ref: 058749D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 438689982-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • strchr.NTDLL ref: 058556D2
                                                                                                                • memset.NTDLL ref: 05855753
                                                                                                                • strchr.NTDLL ref: 0585576B
                                                                                                                • memcpy.NTDLL(?,00000000,-00000001,?,00000000,?,05856B49,?), ref: 058557C6
                                                                                                                  • Part of subcall function 0585563E: isalnum.NTDLL ref: 05855646
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heapstrchr$AllocateProcessisalnummemcpymemset
                                                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                                • API String ID: 1815315571-1713319389
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: isprintisspace$tolower
                                                                                                                • String ID:
                                                                                                                • API String ID: 2599356591-0
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _snprintfmemcpy
                                                                                                                • String ID: %s (%s)$LibVNCServer 0.9.9 - Modified by PVV$unknown
                                                                                                                • API String ID: 4101084087-3779504064
                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(0010043A,00000000,?,?,00000001,?,?,?,?,?,0583F12B,?,?,?,?,?), ref: 05842A8D
                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,0583F12B,?,?,?,?,?), ref: 05842AAB
                                                                                                                • memcpy.NTDLL(00000000,05800000,?,?,?,?,?,0583F12B,?,?,?,?,?), ref: 05842AC5
                                                                                                                  • Part of subcall function 0583EE10: OpenProcess.KERNEL32(00000400,00000000,?,05800000,000000F8,00000000,?,00000000,000000F8,?,0583F12B), ref: 0583EE33
                                                                                                                  • Part of subcall function 0583EE10: GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,0583F12B,?,?,?), ref: 0583EE50
                                                                                                                  • Part of subcall function 0583EE10: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,0583F12B,?,?,?,?,?), ref: 0583EE63
                                                                                                                  • Part of subcall function 05842840: lstrcmpA.KERNEL32(058B83B8,?,000000F8,00000000,05842AF6,?,00000000,?,00000000,000000F8,?,0583F12B), ref: 05842867
                                                                                                                • VirtualFree.KERNEL32(?,?,00008000,?,?,?,?,?,?,0583F12B), ref: 05842BAA
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,0583F12B,?,?,?,?,?), ref: 05842BB5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Process$CloseHandleOpenVirtual$AllocFreeTimeslstrcmpmemcpy
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(?,05853081,00000004,?,00000000,00000000), ref: 05852B9D
                                                                                                                • memcpy.NTDLL(?,05853086,F5FE8314,?,00000000,00000000), ref: 05852BF0
                                                                                                                • memcpy.NTDLL(058C1C08,05853085,00000004,?,00000000,00000000), ref: 05852C1D
                                                                                                                • inet_pton.WS2_32(00000002,058C1C08,05851B67), ref: 05852C2F
                                                                                                                • htons.WS2_32(F6330775), ref: 05852C3A
                                                                                                                • API ID: memcpy$htonsinet_pton
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,05867C32,00000000,?,?), ref: 05867742
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,?,?,0585BFD1,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,058EDBC4), ref: 05855F4A
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,058766D8,00000048,?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg), ref: 05855F5A
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,05876720,00001000,?,058766D8,00000048,?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?), ref: 05855F6D
                                                                                                                  • Part of subcall function 05861784: memset.NTDLL ref: 058616FE
                                                                                                                • strlen.NTDLL ref: 05867807
                                                                                                                • strlen.NTDLL ref: 05867827
                                                                                                                • API ID: memcpy$Heapstrlen$AllocateProcess_chkstkmemset
                                                                                                                • String ID: %ws$%ws %ws
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05842F70: _stricmp.NTDLL(00000000,00000000,Function_0004B59A,?,00000000,?,?,?,05847B8C,?,?,05843EB6,connection), ref: 05842FB2
                                                                                                                • EnterCriticalSection.KERNEL32(058F1794,?,00000000,?,?,00000000,00000000,00000000), ref: 05843D09
                                                                                                                • LeaveCriticalSection.KERNEL32(058F1794,00000000,?,00000000), ref: 05843D33
                                                                                                                • API ID: CriticalSection$EnterLeave_stricmp
                                                                                                                • String ID: Content-Encoding$Content-Length$Transfer-Encoding
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(05851B67,058C1C28,00000004,?,05851B67,?,058C1C08,05851B67,?,?,058C1C08,?), ref: 05852D0A
                                                                                                                • getsockopt.WS2_32(058C1C08,0000FFFF,00001007,?,?), ref: 05852D3D
                                                                                                                • memcpy.NTDLL(?,058C1C28,00000004), ref: 05852D81
                                                                                                                • memcpy.NTDLL(00000002,058C1BEA,00000002,?,058C1C28,00000004), ref: 05852D90
                                                                                                                • memcpy.NTDLL(?,?,0000000A), ref: 05852DA4
                                                                                                                • API ID: memcpy$getsockopt
                                                                                                                APIs
                                                                                                                • lstrcpynW.KERNEL32(?,?,00000104,058580AE,?,?,00000001), ref: 0585BD9E
                                                                                                                • lstrlenW.KERNEL32(058580AE,?), ref: 0585BDCF
                                                                                                                • lstrlenW.KERNEL32(?), ref: 0585BDDB
                                                                                                                • lstrcatW.KERNEL32(?,058580AE), ref: 0585BDEE
                                                                                                                • lstrcpynW.KERNEL32(?,058580AE,00000104,?,?,00000001), ref: 0585BE1A
                                                                                                                • API ID: lstrcpynlstrlen$lstrcat
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 05863485
                                                                                                                • memset.NTDLL ref: 05863492
                                                                                                                • memcpy.NTDLL(?,00000000,00000010,?,00000000,00000011,?,00000000,00000011,00000000,00000000), ref: 058634A1
                                                                                                                • memcpy.NTDLL(?,00000000,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000026,00000010,?,?,?,?,?,?,?,00000000,00000000), ref: 058634C2
                                                                                                                Strings
                                                                                                                • {66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 058634AD
                                                                                                                • API ID: memcpymemset
                                                                                                                • String ID: {66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                Strings
                                                                                                                • kafwDadfcx__a_dwfDSwS, xrefs: 0586B8B9, 0586B8BE, 0586B8CD, 0586B8CE
                                                                                                                • From: "%s"<%s>To: "%s"<%s>Subject: %sMIME-Version:1.0Content-Type:multipart/mixed;boundary="%s"--%sContent-Type: text/plain; charset="utf-8"%s--%s, xrefs: 0586B8E6
                                                                                                                • An Email, xrefs: 0586B8CF
                                                                                                                • API ID: memset
                                                                                                                • String ID: An Email$From: "%s"<%s>To: "%s"<%s>Subject: %sMIME-Version:1.0Content-Type:multipart/mixed;boundary="%s"--%sContent-Type: text/plain; charset="utf-8"%s--%s$kafwDadfcx__a_dwfDSwS
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05861F03: abs.NTDLL ref: 05861F9B
                                                                                                                  • Part of subcall function 05861F03: DeleteObject.GDI32(00000000), ref: 05861FB6
                                                                                                                  • Part of subcall function 05861F03: CreateDIBSection.GDI32(058EDC68,00000000,058EE09C,00000000,00000000,00000000), ref: 05861FD5
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 05861955
                                                                                                                • BitBlt.GDI32(?,00000000,?,00000000,?,00000000,00CC0020,?,058588FE), ref: 0586197C
                                                                                                                • SelectObject.GDI32(00000000), ref: 0586198D
                                                                                                                • SelectObject.GDI32(00000000), ref: 0586199F
                                                                                                                • GetDIBits.GDI32(00000000,00000000,?,058EDC68,00000000,?,058588FE), ref: 058619BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Object$Select$BitsCreateDeleteSection
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(00000008,Your viewer cannot handle required authentication methods,Your viewer cannot handle required authentication methods,?,?,00000000,05832187), ref: 058322AF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: memcpy
                                                                                                                • String ID: %s: %s$Your viewer cannot handle required authentication methods$rfbClientConnFailed("%s")$rfbClientConnFailed: write
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000), ref: 05842051
                                                                                                                • ReadProcessMemory.KERNEL32(00000000,00000000,?,00000014,?), ref: 05842078
                                                                                                                • ReadProcessMemory.KERNEL32(00000000,?,?,000000E0,00000014), ref: 0584209C
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,00000000,?,00004000,00000000), ref: 058420B7
                                                                                                                • VirtualFreeEx.KERNEL32(00000000,00000000,00000000,00008000), ref: 058420C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Process$FreeMemoryReadVirtual$Current
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 05851C3E
                                                                                                                • strncpy.NTDLL ref: 05851C64
                                                                                                                • strchr.NTDLL ref: 05851C6C
                                                                                                                • atoi.NTDLL ref: 05851C7C
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,05851BD3,00000000,00000000,00000000), ref: 05851C95
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: CreateStartupThreadatoistrchrstrncpy
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • socket.WS2_32(00000002,00000001,00000006), ref: 058436C0
                                                                                                                • ioctlsocket.WS2_32 ref: 058436E0
                                                                                                                • htons.WS2_32(?), ref: 058436F9
                                                                                                                • connect.WS2_32(00000000,?,00000010), ref: 05843713
                                                                                                                  • Part of subcall function 05847080: __WSAFDIsSet.WS2_32(00000000,?), ref: 058470CE
                                                                                                                • closesocket.WS2_32(00000000), ref: 05843738
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: closesocketconnecthtonsioctlsocketsocket
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000DC44,00000000,00000000,771AF380), ref: 0583E6EC
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0583E6F5
                                                                                                                • Sleep.KERNEL32(00000032), ref: 0583E702
                                                                                                                • GetProcessHeap.KERNEL32(00000000,0000DC44), ref: 0583E70F
                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 0583E712
                                                                                                                • memcpy.NTDLL(00000000,058A99F8,0000DC44), ref: 0583E725
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Heap$AllocProcess$Sleepmemcpy
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0584839C
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 058483A3
                                                                                                                • htons.WS2_32(?), ref: 058483B1
                                                                                                                • shutdown.WS2_32(?,00000002), ref: 058483C8
                                                                                                                • closesocket.WS2_32(?), ref: 058483CF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: Heap$FreeProcessclosesockethtonsshutdown
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: isspace$memmovestrlen
                                                                                                                • String ID:
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0585BC90: memset.NTDLL ref: 0585BCAC
                                                                                                                • htonl.WS2_32 ref: 0583146D
                                                                                                                • GetComputerNameA.KERNEL32 ref: 058314BC
                                                                                                                Strings
                                                                                                                • WARNING: Width (%d) is not a multiple of 4. VncViewer has problems with that., xrefs: 05831374
                                                                                                                • LibVNCServer, xrefs: 0583142E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: ComputerNamehtonlmemset
                                                                                                                • String ID: LibVNCServer$WARNING: Width (%d) is not a multiple of 4. VncViewer has problems with that.
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 058659DC
                                                                                                                • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 058659FE
                                                                                                                  • Part of subcall function 058658AF: GetVersionExW.KERNEL32(?), ref: 058658CB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                • API ID: AddressHandleModuleProcVersion
                                                                                                                • String ID: RtlGetVersion$ntdll.dll
                                                                                                                • API String ID: 3310240892-1489217083
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • GetLocalTime.KERNEL32(?), ref: 05853F39
                                                                                                                • Sleep.KERNEL32 ref: 05853F8E
                                                                                                                • ExitThread.KERNEL32 ref: 05853FB3
                                                                                                                Strings
                                                                                                                • %s\%d-%02d-%02d_%02d-%02d-%02d_%d.dat, xrefs: 05853F63
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateCreateDirectoryExitLocalProcessSleepThreadTime
                                                                                                                • String ID: %s\%d-%02d-%02d_%02d-%02d-%02d_%d.dat
                                                                                                                • API String ID: 2443286109-248006403
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,0583E456,00000010,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FE85
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FE8E
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,00000104,00000004,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FEB7
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FEBA
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,058F1800,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FED4
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FED7
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,?,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FF16
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FF1D
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,0584493B,00000010,?,?,?,?,?,?,?,?,?,05844937,?), ref: 058434BA
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 058434C1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: RtlComputeCrc32$ntdll.dll
                                                                                                                • API String ID: 1646373207-1139399520
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,0583E456,00000010,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FE85
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FE8E
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,00000104,00000004,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FEB7
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FEBA
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,058F1800,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FED4
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FED7
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,?,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FF16
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FF1D
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,?,00000010,00000000), ref: 05845590
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05845597
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: RtlComputeCrc32$ntdll.dll
                                                                                                                • API String ID: 1646373207-1139399520
                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32,BaseThreadInitThunk,0583E829,?,00000000), ref: 05841BFA
                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 05841C01
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: BaseThreadInitThunk$kernel32
                                                                                                                • API String ID: 1646373207-1937564914
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: htonsinet_ntoasprintf
                                                                                                                • String ID: %s:%d
                                                                                                                • API String ID: 3427704805-1029262843
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(?,?,00000002,00000000), ref: 05852A4B
                                                                                                                • memcpy.NTDLL(?,?,00000002,?,?,00000002,00000000), ref: 05852A65
                                                                                                                • strncpy.NTDLL ref: 05852A9A
                                                                                                                • strncpy.NTDLL ref: 05852AC9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memcpystrncpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 1306114417-0
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,05839FC2,?,00000000,00000000), ref: 0583ADD8
                                                                                                                • memcpy.NTDLL(00000094,?,?), ref: 0583B130
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _chkstkmemcpy
                                                                                                                • String ID: %s: %s$rfbSendUpdateBuf: write
                                                                                                                • API String ID: 3042239697-3966518347
                                                                                                                APIs
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,771B2F30,0584596E,00000000,771ADF40,00000000,?,?,0583F3A8,?), ref: 0584551B
                                                                                                                • HeapReAlloc.KERNEL32(00000000,?,?,0583F3A8,?), ref: 0584551E
                                                                                                                • Sleep.KERNEL32(00000032,?,?,0583F3A8,?), ref: 0584552A
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,?,0583F3A8,?), ref: 05845534
                                                                                                                • HeapReAlloc.KERNEL32(00000000,?,?,0583F3A8,?), ref: 05845537
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocProcess$Sleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 207374558-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • memcpy.NTDLL(000000A0,?,0000000C), ref: 0583D1F4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                 • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessmemcpy
                                                                                                                • String ID: %s: %s$getBgColour: bpp %d?$rfbSendUpdateBuf: write
                                                                                                                • API String ID: 1874444438-1755319287
                                                                                                                • Opcode ID: 72a5f3fa9cc92c55d5f5f32c81c18e063fdd76f238921cc1fed9f1e192ad9a61
                                                                                                                • Instruction ID: 6f4889d047420ea05fe2f6c9009a7d53adf528e1ec9722b9e6db1e4ea37eff91
                                                                                                                • Opcode Fuzzy Hash: 72a5f3fa9cc92c55d5f5f32c81c18e063fdd76f238921cc1fed9f1e192ad9a61
                                                                                                                • Instruction Fuzzy Hash: F591BE71A05B058BD720CE7CDC85AAAB7E5EF88205F048569ED5EC7341E639F902CBA1
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • memcpy.NTDLL(00000000,?,?), ref: 0583DB94
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessmemcpy
                                                                                                                • String ID: %s: %s$getBgColour: bpp %d?$rfbSendUpdateBuf: write
                                                                                                                • API String ID: 1874444438-1755319287
                                                                                                                • Opcode ID: 6f375b5c2b426b56c1d599e3200499429ea22d20eac71b717ada34243344dbac
                                                                                                                • Instruction ID: ff841303b998a32668cea4352140ce86e2fc8e4af2e932c148d8a023416bf583
                                                                                                                • Opcode Fuzzy Hash: 6f375b5c2b426b56c1d599e3200499429ea22d20eac71b717ada34243344dbac
                                                                                                                • Instruction Fuzzy Hash: A991BF72A05B058BD710CF7CCD85AAAB7E5EF84241F048569EC5EC7341E635F902CBA1
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(00000000,?,?), ref: 0583CD17
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                  • Part of subcall function 058369C0: send.WS2_32(?,02506857,?,00000000), ref: 05836A03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessmemcpysend
                                                                                                                • String ID: %s: %s$lzo deflation error: %d$rfbSendUpdateBuf: write
                                                                                                                • API String ID: 1191017421-1069452758
                                                                                                                • Opcode ID: 2511b5142d201dd529535b5cc6bffe3a9e77a175fbb720da5b1d7d2a5e590f9c
                                                                                                                • Instruction ID: e039c8d2d56797dcb6e2aeb2e72a02cf0064a938be6ec5abaafa8925cf342b28
                                                                                                                • Opcode Fuzzy Hash: 2511b5142d201dd529535b5cc6bffe3a9e77a175fbb720da5b1d7d2a5e590f9c
                                                                                                                • Instruction Fuzzy Hash: 2E91ADB1A04B058FD720CF38CD85AA6B7E6EF84205F14856DE85ED7241E679FE01CBA1
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: closesocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 2781271927-0
                                                                                                                • Opcode ID: cc3f8e70baac625b09e20f7f4c35afe77f10771bd03b0788205983d1921f36ce
                                                                                                                • Instruction ID: 537e83845b1faeeba6fb2117ce50ab2c7851dd853e1a08329da69799491ce5b4
                                                                                                                • Opcode Fuzzy Hash: cc3f8e70baac625b09e20f7f4c35afe77f10771bd03b0788205983d1921f36ce
                                                                                                                • Instruction Fuzzy Hash: D451C130104B058BD725CF38C8996E6B7A6FB95319F648A19D8ABCB294D736FC468680
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,058439D1,00000000,00000001,?,00000000,?,00000000,?,00000000,00000001,?,00000000,00000000), ref: 05843758
                                                                                                                • WaitForSingleObject.KERNEL32(?,00000000), ref: 058437A6
                                                                                                                • select.WS2_32(00000000,?,00000000,00000000,00000000), ref: 058437DB
                                                                                                                • recv.WS2_32(?,?,00004000,00000000), ref: 05843819
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ObjectSingleWait_chkstkrecvselect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2648677746-0
                                                                                                                • Opcode ID: caddacb4af3eff3503ef429612ce6fd8993c8489557ac8fe05714a76ec22ded3
                                                                                                                • Instruction ID: aa3afcc63102d51f87091da7ecd17ef4b588062d62551db87ea58444311a2dcd
                                                                                                                • Opcode Fuzzy Hash: caddacb4af3eff3503ef429612ce6fd8993c8489557ac8fe05714a76ec22ded3
                                                                                                                • Instruction Fuzzy Hash: 79417171A002199BDB20CF69DC89BAAB7E5FF48325F1086A5ED19DB280D770DD90CF90
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0586B1D9
                                                                                                                  • Part of subcall function 0586A3FF: strlen.MSVCRT ref: 0586A40A
                                                                                                                  • Part of subcall function 0586A184: _vsnprintf.MSVCRT ref: 0586A194
                                                                                                                  • Part of subcall function 0586A184: _vsnprintf.MSVCRT ref: 0586A1C9
                                                                                                                Strings
                                                                                                                • POST %s HTTP/1.1HOST: %sPragma: no-cacheConnection: closeAccept: */*User-Agent: %sContent-Type: application/octet-streamContent-Length: %d, xrefs: 0586B218
                                                                                                                • Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.1), xrefs: 0586B1C0
                                                                                                                • GET %s HTTP/1.1HOST: %sPragma: no-cacheConnection: closeAccept: */*User-Agent: %s, xrefs: 0586B267
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _vsnprintf$memsetstrlen
                                                                                                                • String ID: GET %s HTTP/1.1HOST: %sPragma: no-cacheConnection: closeAccept: */*User-Agent: %s$Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.1)$POST %s HTTP/1.1HOST: %sPragma: no-cacheConnection: closeAccept: */*User-Agent: %sContent-Type: application/octet-streamContent-Length: %d
                                                                                                                • API String ID: 2164319037-2572017797
                                                                                                                • Opcode ID: 6b6c1844237ad450ca611cea6ab17a09684177613a9a51782e831c7ad329ca85
                                                                                                                • Instruction ID: b9963d025a82c759d798dfd7bf926b515a6d4fa4f5c78f42e4e8009ed88d7609
                                                                                                                • Opcode Fuzzy Hash: 6b6c1844237ad450ca611cea6ab17a09684177613a9a51782e831c7ad329ca85
                                                                                                                • Instruction Fuzzy Hash: B2312F72A10219ABCB14EBA8CC55EEEB37DAF54200F444559ED05E7190EF34AE48CBA2
                                                                                                                APIs
                                                                                                                • _chkstk.NTDLL(?,0585BF68,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,?,00000000,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000000,?,00000001,?,?), ref: 058629BA
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,?,?,0585BFD1,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,058EDBC4), ref: 05855F4A
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,058766D8,00000048,?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?,?,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg), ref: 05855F5A
                                                                                                                  • Part of subcall function 05855F12: memcpy.NTDLL(?,05876720,00001000,?,058766D8,00000048,?,?,?,?,00000000,?,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,?), ref: 05855F6D
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • memcpy.NTDLL(00000000,?,00000000,ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e,00000038,00000001,?,00000000,?,?,0585BF68,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.cfg,?,00000000,C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723},00000000), ref: 058629FB
                                                                                                                • memset.NTDLL ref: 05862A25
                                                                                                                Strings
                                                                                                                • ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e, xrefs: 058629CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memcpy$Heap$AllocateProcess_chkstkmemset
                                                                                                                • String ID: ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e
                                                                                                                • API String ID: 3379796992-249090663
                                                                                                                • Opcode ID: e3c476c67fbc0455e772bd5a5362092848bb7620d3ebd0f31d43a329cc658fee
                                                                                                                • Instruction ID: da5ae1efcd4e849c47b46503929103019288b9da9f262b6eaa332817864e7134
                                                                                                                • Opcode Fuzzy Hash: e3c476c67fbc0455e772bd5a5362092848bb7620d3ebd0f31d43a329cc658fee
                                                                                                                • Instruction Fuzzy Hash: 1A11A275A00258AFDB11AE988C84DEF7BACEF41390F100065FD05AB140EA709E05DB62
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(00000004,0583C752,0583C753,0583C752,00000000,No authentication mode is registered!,00000000,00000000), ref: 058321F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: memcpy
                                                                                                                • String ID: %s: %s$rfbClientSendString("%s")$rfbClientSendString: write
                                                                                                                • API String ID: 3510742995-3448006018
                                                                                                                • Opcode ID: ab7be54d5a38026946e52deb2091c8743dcb853c76180f0b1721e703d55f3740
                                                                                                                • Instruction ID: fea8fd02b5bd5efafdb23c41151a8b934a68c51ef554c47f5d925646d94edd0f
                                                                                                                • Opcode Fuzzy Hash: ab7be54d5a38026946e52deb2091c8743dcb853c76180f0b1721e703d55f3740
                                                                                                                • Instruction Fuzzy Hash: 121129737002052BEB085A6DEC4ADAABB9EDEC42117048125FD09C7206FE75FD0587F6
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(058ED68C,0585803F,00000000,?,0585418C,00000000,00000005,000003E8,00000001,00000000,00000001,00000000,000003E8,00000000,00000005,00000000), ref: 05854064
                                                                                                                  • Part of subcall function 05853FD7: strchr.NTDLL ref: 0585402C
                                                                                                                  • Part of subcall function 05853DD3: memcpy.NTDLL(c6a441f5,00000000,00000008,00000000,00000000), ref: 05853E49
                                                                                                                • LeaveCriticalSection.KERNEL32(058ED68C), ref: 05854096
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,05853E9F,00000000,00000000,058ED6B0), ref: 058540C4
                                                                                                                • WaitForSingleObject.KERNEL32(000000FF), ref: 058540FD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$CreateEnterLeaveObjectSingleThreadWaitmemcpystrchr
                                                                                                                • String ID:
                                                                                                                • API String ID: 3912957640-0
                                                                                                                • Opcode ID: 15edd47fc3cef2a25065f56899fb3fca4ad0e7b385414e105b0c607be4d7c4b2
                                                                                                                • Instruction ID: 8fb83acad43edb4b7f29e434d6e801e35011966291857d9eb2f60dbc55b71dc4
                                                                                                                • Opcode Fuzzy Hash: 15edd47fc3cef2a25065f56899fb3fca4ad0e7b385414e105b0c607be4d7c4b2
                                                                                                                • Instruction Fuzzy Hash: 8A1194B551A345DFCB10BF25A88A4173FB8BB06321704052EFC4EDA225DF71E8888F91
                                                                                                                APIs
                                                                                                                • memset.NTDLL ref: 0583E442
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,0583E456,00000010,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FE85
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FE8E
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,00000104,00000004,00000001,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FEB7
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FEBA
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,058F1800,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FED4
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FED7
                                                                                                                  • Part of subcall function 0583FE50: GetModuleHandleA.KERNEL32(ntdll.dll,RtlComputeCrc32,00000000,?,00000004,?,0583E456,?,00000001,00000000,00000104,?), ref: 0583FF16
                                                                                                                  • Part of subcall function 0583FE50: GetProcAddress.KERNEL32(00000000), ref: 0583FF1D
                                                                                                                • memset.NTDLL ref: 0583E482
                                                                                                                • StringFromGUID2.OLE32(?,00000000,00000040,?,?,?,?,?,?,?), ref: 0583E497
                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000001,00000104,00000000,00000000,?,?,?,?,?,?,?), ref: 0583E4B7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc$memset$ByteCharFromMultiStringWide
                                                                                                                • String ID:
                                                                                                                • API String ID: 846226551-0
                                                                                                                APIs
                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,00000000,?,00000001,?,?,?,?,?,?,?,0583F0DA,?,00000000,?), ref: 0583E3A4
                                                                                                                • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0583F0DA,?,00000000,?), ref: 0583E3C1
                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,0583F0DA,?,00000000,?,?,?), ref: 0583E3C9
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,0583F0DA,?,00000000,?,?,?), ref: 0583E3D0
                                                                                                                  • Part of subcall function 0583FFA0: StringFromGUID2.OLE32(?,?,00000040,00000000), ref: 0583FFE8
                                                                                                                  • Part of subcall function 0583FFA0: GlobalFindAtomW.KERNEL32(?), ref: 0583FFF5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Process$AtomCloseErrorFindFromGlobalHandleLastOpenStringTimes
                                                                                                                • String ID:
                                                                                                                • API String ID: 2260662780-0
                                                                                                                APIs
                                                                                                                • socket.WS2_32(00000002,00000001,00000000), ref: 05851712
                                                                                                                • htons.WS2_32(?), ref: 05851732
                                                                                                                • htonl.WS2_32(00000000), ref: 0585173E
                                                                                                                • closesocket.WS2_32(00000000), ref: 05851762
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: closesockethtonlhtonssocket
                                                                                                                • String ID:
                                                                                                                • API String ID: 1591171468-0
                                                                                                                APIs
                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,00000000,00000000,05866F7D,?,00000000,00000000), ref: 05866F07
                                                                                                                • CloseHandle.KERNEL32 ref: 05866F19
                                                                                                                • CloseHandle.KERNEL32 ref: 05866F21
                                                                                                                • Sleep.KERNEL32(00001388), ref: 05866F34
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle$ProcessSleepTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2417299260-0
                                                                                                                APIs
                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00003000,00000040,0583F0FB,00000000,?,?,05842C38), ref: 058420FB
                                                                                                                • VirtualAllocEx.KERNEL32(00000000,?,?,05842C38), ref: 05842102
                                                                                                                • GetCurrentProcess.KERNEL32(10000000,00000000,?,?,?,?,05842C38), ref: 05842119
                                                                                                                • ReadProcessMemory.KERNEL32(00000000,?,?,05842C38), ref: 05842120
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: Process$Current$AllocMemoryReadVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 524981487-0
                                                                                                                APIs
                                                                                                                • InitializeCriticalSection.KERNEL32(058EE1A0), ref: 0586297F
                                                                                                                  • Part of subcall function 0586674E: _vsnprintf.NTDLL ref: 05866763
                                                                                                                Strings
                                                                                                                • %s%s, xrefs: 0586299C
                                                                                                                • {66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 05862987
                                                                                                                • ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e, xrefs: 058629A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CriticalInitializeSection_vsnprintf
                                                                                                                • String ID: %s%s$ed785b99cfd13c0c739ae03e1d951934ed785b99cfd13c0c739ae03e${66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 494593633-1067152647
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: /tor/rendezvous2/%s$404 Not found
                                                                                                                • API String ID: 0-2191833329
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: default${66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 621844428-3554626239
                                                                                                                APIs
                                                                                                                • inet_addr.WS2_32(127.0.0.1), ref: 0583FBD6
                                                                                                                • SetLastError.KERNEL32(0000000D), ref: 0583FC43
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLastinet_addr
                                                                                                                • String ID: 127.0.0.1
                                                                                                                • API String ID: 1966490213-3619153832
                                                                                                                APIs
                                                                                                                Strings
                                                                                                                • %04d-%02d-%02d %02d:%02d:%02d, xrefs: 0586FFB4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: _mkgmtimesscanf
                                                                                                                • String ID: %04d-%02d-%02d %02d:%02d:%02d
                                                                                                                • API String ID: 2310716036-4146437471
                                                                                                                APIs
                                                                                                                • SHGetFolderPathAndSubDirW.SHELL32(00000000,0000001C,00000000,00000000,Packages,?), ref: 058583C9
                                                                                                                  • Part of subcall function 05858225: memset.NTDLL ref: 05858255
                                                                                                                  • Part of subcall function 05858225: FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0585826B
                                                                                                                  • Part of subcall function 05858225: FindNextFileW.KERNEL32(00000000,00000010), ref: 058582A3
                                                                                                                  • Part of subcall function 05858225: CloseHandle.KERNEL32(00000000), ref: 058582AE
                                                                                                                  • Part of subcall function 058582BA: memset.NTDLL ref: 058582EE
                                                                                                                  • Part of subcall function 058582BA: FindFirstFileW.KERNEL32(?,?,?,?,05877910), ref: 05858304
                                                                                                                  • Part of subcall function 058582BA: lstrcmpW.KERNEL32(05877914,?,?), ref: 05858328
                                                                                                                  • Part of subcall function 058582BA: lstrcmpW.KERNEL32(05877918,?), ref: 0585833A
                                                                                                                  • Part of subcall function 058582BA: lstrcmpW.KERNEL32(?,Cookies,?,?,?), ref: 0585836B
                                                                                                                  • Part of subcall function 058582BA: FindNextFileW.KERNEL32(00000000,?), ref: 05858394
                                                                                                                  • Part of subcall function 058582BA: CloseHandle.KERNEL32(00000000), ref: 058583A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2509853911.0000000005830000.00000040.00001000.00020000.00000000.sdmp, Offset: 05830000, based on PE: true
                                                                                                                • Associated: 00000000.00000002.2509853911.00000000058ED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_5830000_Payload 94.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileFind$lstrcmp$CloseFirstHandleNextmemset$FolderPath
                                                                                                                • String ID: Microsoft.MicrosoftEdge_*$Packages
                                                                                                                • API String ID: 1562074240-2385754559
                                                                                                                APIs
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                  • Part of subcall function 0586677D: _vsnwprintf.NTDLL ref: 05866792
                                                                                                                  • Part of subcall function 05862529: CreateDirectoryW.KERNEL32(?,00000000,05862160,?,?,00000103,%s\%s\%s.%s,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723},?,?,?,00000103,?,?,{66FC1451-ED27-40BE-95A1-9AB6A43B0723}), ref: 0586252F
                                                                                                                • SetCurrentDirectoryW.KERNEL32(00000000,?,?,?,00000104,058670AE), ref: 05866D5F
                                                                                                                  • Part of subcall function 05865649: GetProcessHeap.KERNEL32(00000000,00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865651
                                                                                                                  • Part of subcall function 05865649: RtlFreeHeap.NTDLL(00000000,?,058624AA,00000000,00000000,00000000,?,00000000,00000000,?,?,05855310,?,00000000), ref: 05865658
                                                                                                                Strings
                                                                                                                • %s\tv, xrefs: 05866D43
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}, xrefs: 05866D3C
                                                                                                                Similarity
                                                                                                                • API ID: Heap$DirectoryProcess$AllocateCreateCurrentFree_vsnwprintf
                                                                                                                • String ID: %s\tv$C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}
                                                                                                                • API String ID: 3352057496-45175492
                                                                                                                APIs
                                                                                                                • SetFileAttributesW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe,00000080,771B2EE0,058622A0), ref: 05866D08
                                                                                                                • DeleteFileW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe), ref: 05866D0F
                                                                                                                Strings
                                                                                                                • C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe, xrefs: 05866CF8, 05866CFD, 05866D0E
                                                                                                                Similarity
                                                                                                                • API ID: File$AttributesDelete
                                                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\{66FC1451-ED27-40BE-95A1-9AB6A43B0723}\34fbdedc.exe
                                                                                                                • API String ID: 2910425767-1392003707
                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(053E4670,?,?), ref: 058447B4
                                                                                                                  • Part of subcall function 05845200: EnterCriticalSection.KERNEL32(053E4690,?,?,?,058447D1,?), ref: 05845210
                                                                                                                  • Part of subcall function 05845200: LeaveCriticalSection.KERNEL32(053E4690,?,058447D1,?), ref: 05845230
                                                                                                                • LeaveCriticalSection.KERNEL32(053E4670,?), ref: 0584483C
                                                                                                                  • Part of subcall function 05846FD0: recv.WS2_32(00000000,00000000,?,00000000), ref: 05847033
                                                                                                                • EnterCriticalSection.KERNEL32(053E4640,?,?), ref: 0584485F
                                                                                                                • LeaveCriticalSection.KERNEL32(053E4640,?), ref: 058448BF
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterLeave$recv
                                                                                                                • String ID:
                                                                                                                • API String ID: 424969092-0
                                                                                                                APIs
                                                                                                                • memcpy.NTDLL(00000001,?,00000010,00000000,00000000,00000001,00000000,00000000), ref: 058551F0
                                                                                                                • memcpy.NTDLL(00000001,00000000,00000010,00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 05855201
                                                                                                                • memcpy.NTDLL(00000000,00000000,00000010,00000001,00000000,00000010,00000000,00000000,?,00000000,00000000,00000001,00000000,00000000), ref: 0585520F
                                                                                                                • memcpy.NTDLL(00000010,00000010,00000010,00000010,00000010,?,?,?,?,00000000,00000000,?,00000000,00000000,00000001,00000000), ref: 05855253
                                                                                                                Similarity
                                                                                                                • API ID: memcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3510742995-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0583E683,?,00000000), ref: 058454DB
                                                                                                                  • Part of subcall function 058454D0: RtlAllocateHeap.NTDLL(00000000), ref: 058454E4
                                                                                                                  • Part of subcall function 058454D0: Sleep.KERNEL32(00000032), ref: 058454F2
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 058454FB
                                                                                                                  • Part of subcall function 058454D0: HeapAlloc.KERNEL32(00000000), ref: 058454FE
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,771ADF60,00000000,771AF380), ref: 05841CB5
                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,771ADF60,00000000,771AF380), ref: 05841CBC
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,771ADF60,00000000,771AF380), ref: 05841CC7
                                                                                                                • HeapFree.KERNEL32(00000000,?,771ADF60,00000000,771AF380), ref: 05841CCE
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Free$AllocAllocateSleep
                                                                                                                • String ID:
                                                                                                                • API String ID: 1143186419-0
                                                                                                                APIs
                                                                                                                • strchr.NTDLL ref: 05867D67
                                                                                                                • strlen.NTDLL ref: 05867D75
                                                                                                                  • Part of subcall function 05865632: GetProcessHeap.KERNEL32(00000000,00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 0586563A
                                                                                                                  • Part of subcall function 05865632: RtlAllocateHeap.NTDLL(00000000,?,05862461,?,00000000,?,?,05855310,?,00000000), ref: 05865641
                                                                                                                • memcpy.NTDLL(00000000,05857FB3,00000000,00000001,0585803F,?,0585803B,?,058680E7,0585803F,05857FB3,0585803F,00000001,?,0585803B,?), ref: 05867D94
                                                                                                                • atoi.NTDLL ref: 05867DA3
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocateProcessatoimemcpystrchrstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 48725867-0
                                                                                                                APIs
                                                                                                                  • Part of subcall function 0583E6D0: GetProcessHeap.KERNEL32(00000000,0000DC44,00000000,00000000,771AF380), ref: 0583E6EC
                                                                                                                  • Part of subcall function 0583E6D0: HeapAlloc.KERNEL32(00000000), ref: 0583E6F5
                                                                                                                  • Part of subcall function 0583E6D0: Sleep.KERNEL32(00000032), ref: 0583E702
                                                                                                                  • Part of subcall function 0583E6D0: GetProcessHeap.KERNEL32(00000000,0000DC44), ref: 0583E70F
                                                                                                                  • Part of subcall function 0583E6D0: HeapAlloc.KERNEL32(00000000), ref: 0583E712
                                                                                                                  • Part of subcall function 0583E6D0: memcpy.NTDLL(00000000,058A99F8,0000DC44), ref: 0583E725
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00000000,0583E86F,00000000), ref: 0583E7AF
                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,00000000,0583E86F,00000000), ref: 0583E7B6
                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00000000,0583E86F,00000000), ref: 0583E7C8
                                                                                                                • HeapFree.KERNEL32(00000000), ref: 0583E7CF
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,0583E683,?,00000000), ref: 058454DB
                                                                                                                  • Part of subcall function 058454D0: RtlAllocateHeap.NTDLL(00000000), ref: 058454E4
                                                                                                                  • Part of subcall function 058454D0: Sleep.KERNEL32(00000032), ref: 058454F2
                                                                                                                  • Part of subcall function 058454D0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 058454FB
                                                                                                                  • Part of subcall function 058454D0: HeapAlloc.KERNEL32(00000000), ref: 058454FE
                                                                                                                Similarity
                                                                                                                • API ID: Heap$Process$Alloc$FreeSleep$Allocatememcpy
                                                                                                                • String ID:
                                                                                                                • API String ID: 133134902-0
                                                                                                                • Opcode ID: 9ddb7ab37cfb2203f348f215b749fa7e8c2766f2001611f73d5bd1ad456c3a30
                                                                                                                • Instruction ID: be6e839a5e804db6041bd553495e23ef47d77a2ee8de54d23ade130081f6514c
                                                                                                                • Opcode Fuzzy Hash: 9ddb7ab37cfb2203f348f215b749fa7e8c2766f2001611f73d5bd1ad456c3a30
                                                                                                                • Instruction Fuzzy Hash: A601FCB161460867D7206BAD9C8EE6F7E9DEBC4661F140160FD1AC7240FD759D0186E2

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:100%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:3
                                                                                                                Total number of Limit Nodes:0

                                                                                                                Callgraph

                                                                                                                callgraph 0 Function_00007FF688411000

                                                                                                                Control-flow Graph

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000007.00000002.1278233130.00007FF688411000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF688410000, based on PE: true
                                                                                                                • Associated: 00000007.00000002.1278218453.00007FF688410000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000007.00000002.1278249107.00007FF688412000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000007.00000002.1278249107.00007FF688414000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_7_2_7ff688410000_GetX64BTIT.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$HandleWrite$AddressCloseCreateEnvironmentExitExpandModuleProcProcessStrings
                                                                                                                • String ID: %TEMP%\x64btit.txt$BaseThreadInitThunk$kernel32.dll
                                                                                                                • API String ID: 3699454366-2374728619
                                                                                                                • Opcode ID: 3b8da948e0aecb29268d9857143110106946b6f65c6ca35fd9b7bf7cff5dd6a7
                                                                                                                • Instruction ID: 21dd1bc78bdc83eb1bac68ed631e06f928a4ea14ca35bfafcc209d0867363c66
                                                                                                                • Opcode Fuzzy Hash: 3b8da948e0aecb29268d9857143110106946b6f65c6ca35fd9b7bf7cff5dd6a7
                                                                                                                • Instruction Fuzzy Hash: 3141672710D6D0C9C325CB75A4501AEBF70E79BB55F08415AEBD983B4ADE2CC258DF21